0

This is my code:

  $international_categories = $_GET['international_categories'];

      $query = "SELECT * 
      FROM 
        tourDB
      WHERE 
        categories LIKE '$international_categories'";

  $result = mysql_query( $query ) or die ( mysql_error() );

  if ( $result !== false && mysql_num_rows($result) > 0 ) {
    while ( $ilist = mysql_num_rows( $result ) > 0)  {
        $tour_id             = stripslashes( $ilist[ 'tour_id' ] );
        $tour_type           = stripslashes( $ilist[ 'tour_type' ] );
        $tour_name           = stripslashes( $ilist[ 'tour_name' ] );
        $day                 = stripslashes( $ilist[ 'day' ] );
        $nights              = stripslashes( $ilist[ 'nights' ] );
        $tour_price          = stripslashes( $ilist[ 'tour_price' ] );
        $overview            = stripslashes( $ilist[ 'overview' ] );
        $itinerary           = stripslashes( $ilist[ 'itinerary' ] );
        $terms_conditons     = stripslashes( $ilist[ 'terms_conditons' ] );
        $inclusions          = stripslashes( $ilist[ 'inclusions' ] );
        $exclusions          = stripslashes( $ilist[ 'exclusions' ] );
        $twin_triple_sharing = stripslashes( $ilist[ 'twin_triple_sharing' ] );
        $single_occcupancy   = stripslashes( $ilist[ 'single_occcupancy' ] );
        $child_with_no_bed   = stripslashes( $ilist[ 'child_with_no_bed' ] );
        $inf_below           = stripslashes( $ilist[ 'inf_below' ] );
        $pricing_details     = stripslashes( $ilist[ 'pricing_details' ] );
        $url                 = stripslashes( $ilist[ 'url' ] );
        $international_list_cat .= <<<INTERNATIONAL_LIST_CAT
        <!-- html output -->

       INTERNATIONAL_LIST_CAT;
    }
else {
    $international_list_cat = <<<INTERNATIONAL_LIST_CAT
    <!-- html output -->

    INTERNATIONAL_LIST_CAT;
}

I was trying to sort the rows whose column "categories" has a value of "$international_categories".

The values of $international_categories = $_GET['international_categories'] have spaces as well. Although I am getting $_GET['international_categories'] here, MySQL is not sorting out the rows which have the value of $_GET['international_categories'] in their 'categories' column.

DACrosby
  • 2
    Who is going first? The `mysql_*` libraries are deprecated. Use summat else. Like PDO/MySqli – Ed Heal Oct 05 '13 at 06:27
  • 4
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Oct 05 '13 at 06:28
  • 2
    Looks like you're missing the closing `}` for the `if` statement. You have one for `while`, but not `if` – DACrosby Oct 05 '13 at 06:33

2 Answers

2

Convert

    while ( $ilist = mysql_num_rows( $result ) > 0)  {

to

    while ( $ilist = mysql_fetch_array( $result ))  {

Thanks to Barmar for warning me.

But as some other fellow users have commented, MySQL is deprecated and is highly vulnerable against SQL Injection attacks. You could use PDO or MySQLi. I'd prefer MySQLi and I would convert your code into this:

    // Create a mysqli connection (replace the placeholder credentials)
    $mysqli = new mysqli('host', 'user', 'password', 'dbname');

    $international_categories = $_GET['international_categories'];

    // Add other columns to the query or use *
    $query = $mysqli->prepare("SELECT tour_id, tour_type FROM tourDB WHERE categories = ?");
    // Bind the external variable to the placeholder; "s" because categories holds a string
    $query->bind_param("s", $international_categories);
    $query->execute();
    // Declare the variables that receive the columns fetched by the SELECT query.
    // Add the other columns to the next line.
    $query->bind_result($tour_id, $tour_type);
    $international_list_cat = '';
    while ($query->fetch())
    {
        // Escape the value before placing it in an HTML attribute
        $tour_type = htmlspecialchars($tour_type, ENT_QUOTES, 'UTF-8');
        $international_list_cat .= <<<INTERNATIONAL_LIST_CAT
            <input type="text" value="$tour_type" />
            <!-- html output -->

    INTERNATIONAL_LIST_CAT;
    }

    // Close the prepared statement
    $query->close();

Aycan Yaşıt
  • 1
    That will just set `$ilist` to `true` or `false`, because you're setting it to the result of the comparison. – Barmar Oct 05 '13 at 06:34
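
The parameter binding recommended in the answer above, shown end to end as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite table in place of the MySQL server, constructed sample rows, and hypothetical helpers `toursByCategory` and `renderTours`; it also escapes database values on output.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.4+ with pdo_sqlite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows standing in for the asker's tourDB table.
$pdo->exec('CREATE TABLE tourDB (tour_id INTEGER, tour_name TEXT, categories TEXT)');
$insert = $pdo->prepare('INSERT INTO tourDB VALUES (?, ?, ?)');
foreach ([
    [1, 'Alps <Classic>', 'Europe Tours'],
    [2, 'Nile "Cruise"',  "Explorer's Choice"],
    [3, 'Kyoto Temples',  'Asia Tours'],
] as $row) {
    $insert->execute($row);
}

/** Return rows whose categories column equals $category exactly (hypothetical helper). */
function toursByCategory(PDO $pdo, string $category): array
{
    // The value travels separately from the SQL text, so spaces and quotes
    // in it are compared as data and never parsed as SQL.
    $stmt = $pdo->prepare('SELECT tour_id, tour_name FROM tourDB WHERE categories = ?');
    $stmt->execute([$category]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Render rows as HTML, escaping every database value on output (hypothetical helper). */
function renderTours(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $id   = (int) $row['tour_id'];
        $name = htmlspecialchars($row['tour_name'], ENT_QUOTES, 'UTF-8');
        $html .= "<li data-id=\"$id\">$name</li>\n";
    }
    return $html === '' ? "<li>No tours found</li>\n" : $html;
}

// Constructed inputs, as they might arrive in $_GET['international_categories']:
// a value with a space, a value with an apostrophe, a value that tries to
// change the WHERE clause, and an empty value.
$inputs = ['Europe Tours', "Explorer's Choice", "Europe Tours' OR '1'='1", ''];
foreach ($inputs as $input) {
    $rows = toursByCategory($pdo, $input);
    printf("%s -> %d row(s)\n%s", var_export($input, true), count($rows), renderTours($rows));
}
```

With the original string-built query, the apostrophe in the second input would break the SQL and the third would change its meaning; bound as a parameter, each is only ever compared against the `categories` column.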
1
    while ($ilist = mysql_num_rows($result) > 0) {

should be:

    while ($ilist = mysql_fetch_assoc($result)) {

Barmar