-1

I'm passing a string with AJAX and trying to find the mySQL db entry that contains the string in one of its columns. I think the string passing is OK but perhaps the mySQL code is incorrect?

$id = ($_POST['video_id']);

$text_result = mysql_query("SELECT * FROM `wmtwDB` WHERE `url` LIKE (" . $id . ") LIMIT 1");
Lukesmith
  • 170
  • 2
  • 16
  • Perhaps it is perhaps it is not. Who knows? – PeeHaa Apr 27 '14 at 15:04
  • 1. mysql_ libraries deprecated. 2. SQL injection possible 3. Check test_result is false, if so print the error – Ed Heal Apr 27 '14 at 15:04
  • also, why the hell are you using `LIKE` there ?! – tereško Apr 27 '14 at 15:05
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 27 '14 at 15:09
  • I agree with tereško, an ID is unique, or at least should be. A `LIKE` is to be used for finding similar results. You should also use the wildcards in a LIKE. %URL is Ends with URL% is Begins with %URL% is Contains. – ZeroBased_IX Apr 27 '14 at 15:11

1 Answers1

1

LIKE syntax is failing. Try with:

$text_result = mysql_query("SELECT * FROM `wmtwDB` WHERE `url` LIKE %" . $id . "% LIMIT 1");
Zerquix18
  • 769
  • 6
  • 19