How can i use variable in Mysql Query

Question

I have this query :

 $result = mysql_query("select * FROM  `agents_infos` 
 WHERE ( agent_name LIKE  '%$name%' )");

the $name is :

 $name =$_POST['name'];

I want to get in the result, all the element that contains the name , but I get nothing. Can you help me please?

Has your variable $name actually a value? You could try printing it like `echo $name` or check your query `echo "select * FROM agents_infos WHERE ( agent_name LIKE '%$name%' )"` — endofsource, May 11 '14 at 17:54
Maybe magic quotes are disabled on your server. Try: `$result = mysql_query("select * FROM agents_infos WHERE ( agent_name LIKE '%" . $name . "%' )");` — endofsource, May 11 '14 at 18:00

score 0 · Accepted Answer · answered May 11 '14 at 17:57

0

in order to receive a list of all element that contains the name, you can write:

$name = $_POST['name'];  
$result = mysql_query("SELECT * FROM  `agents_infos` WHERE ( agent_name LIKE  '%".$name."%' )");

to avoid code injection i advice to use

$name = mysql_real_escape_string( $_POST['name'] );

instead of

$name = $_POST['name'];

answered May 11 '14 at 17:57

Mat_Tgn

58
1
7

1

`mysql_real_escape_string` does not prevent injection. – The Blue Dog May 11 '14 at 17:59
and the mysql extension is deprecated – Jonathan May 11 '14 at 18:00

score 0 · Answer 2 · edited May 23 '17 at 10:33

Firstly, you need to sanitize your input: What's the best method for sanitizing user input with PHP? then you need to use mysqli instead of mysql : http://php.net/manual/en/migration55.deprecated.php

then you can do this:

$name = mysqli_real_escape_string($_POST['name']);

$query =  "select * FROM  `agents_infos` WHERE ( agent_name LIKE  '%".$name."%' )";
$result = mysqli_query($query);

How can i use variable in Mysql Query

2 Answers2