0

I'm new to SQL and can't seem to group multiple LIKE statements together. Any idea what I am doing incorrectly?

$query = mysqli_query($mysqli, "SELECT * FROM table_name
            WHERE Page LIKE ".$page."
            AND Profession LIKE ".$profession.", 
            AND Age LIKE ".$age."");

Thanks.

Jordan.J.D
Mark Biwojno
  • What are the values in `$page`, `$profession` & `$age`. – Giacomo1968 May 29 '14 at 16:14
  • What is going wrong? Do you have an error or do you have wrong result? – Hamlet Hakobyan May 29 '14 at 16:16
  • 1
    use single quotes '.$page.' '.$profession.' '.$age.' – Ezhil May 29 '14 at 16:16
  • When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). You shouldn't have to concern yourself with quoting issues. – tadman May 29 '14 at 16:17
  • 2
    what's the point of using mysqli when you create your query like that, without bindings. – user2009750 May 29 '14 at 16:17
  • @ɢʜʘʂʈʀɛɔʘɴ The point is someone being a newbie moving from `mysql_*` extensions to `mysqli_*` extensions & learning the basics. It’s not invalid at all. – Giacomo1968 May 29 '14 at 16:23
  • you should not use comma after and so remove comma after '$profession.' – Ezhil May 29 '14 at 16:24

2 Answers

1

It's likely because they are not enclosed correctly

$query = mysqli_query($mysqli, "SELECT * FROM table_name
            WHERE Page LIKE ".$page."
            AND Profession LIKE ".$profession."
            AND Age LIKE ".$age."");

when compiled is something like

SELECT * FROM table_name
            WHERE Page LIKE page number 1
            AND Profession LIKE my profession
            AND Age LIKE 100

which is invalid SQL

You need to use quotes and escape the values

$query = mysqli_query($mysqli, "SELECT * FROM table_name
            WHERE Page LIKE '%".$page."%'
            AND Profession LIKE '%".$profession."%'
            AND Age LIKE '%".$age."%'");

would give

SELECT * FROM table_name
            WHERE Page LIKE '%page number 1%'
            AND Profession LIKE '%my profession%'
            AND Age LIKE '%100%'

Which will likely give a result of what you would expect

Make sure the values are safe, though, by at bare minimum using http://www.php.net/manual/en/mysqli.real-escape-string.php, though looking at prepared statements would be a better option.

Edit:

Remove comma after LIKE ". $profession."

exussum
0

This would be a lot easier to get right if you use placeholders and bind_param:

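// Prepare the statement; mysqli_query() would try to run the SQL immediately
$stmt = mysqli_prepare($mysqli, "SELECT * FROM table_name
            WHERE Page LIKE ?
            AND Profession LIKE ?
            AND Age=?");

// bind_param binds by reference, so the wildcard patterns must be variables
$pagePattern = "%" . $page . "%";
$professionPattern = "%" . $profession . "%";
mysqli_stmt_bind_param($stmt, 'ssi', $pagePattern, $professionPattern, $age);

mysqli_stmt_execute($stmt);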
tadman
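An added example, not code from either answer: the prepared-statement approach as a complete function that also fetches the rows. It goes one step beyond the answers by escaping `%` and `_` in the user's text, since bound parameters stop SQL injection but still let those characters act as LIKE wildcards. The function names, connection settings and sample search terms are assumptions made for illustration.

```php
<?php
// Added example. Table and column names are the question's; the connection
// settings and the sample search terms are constructed placeholders.

/** Build a "contains" LIKE pattern that matches the user's text literally. */
function like_contains(string $term): string
{
    // Backslash is MySQL's default LIKE escape character. strtr() replaces in
    // one pass, so backslashes added for % and _ are not escaped a second time.
    $escaped = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    return '%' . $escaped . '%';
}

function find_rows(mysqli $db, string $page, string $profession, int $age): array
{
    $stmt = $db->prepare(
        'SELECT * FROM table_name
          WHERE Page LIKE ?
            AND Profession LIKE ?
            AND Age = ?'
    );
    // bind_param() takes references, so each pattern needs its own variable.
    $pagePattern = like_contains($page);
    $professionPattern = like_contains($profession);
    $stmt->bind_param('ssi', $pagePattern, $professionPattern, $age);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    $stmt->close();
    return $rows;
}

// Throw exceptions on failure instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders

// A quote or wildcard in the input is just data here: "O'Brien" cannot end the
// string literal, and "50%" matches the text "50%" rather than "50<anything>".
$rows = find_rows($db, '50%', "O'Brien", 100);
printf("%d matching row(s)\n", count($rows));
```

If the server runs with the `NO_BACKSLASH_ESCAPES` SQL mode, LIKE has no default escape character, so add an explicit `ESCAPE` clause to each LIKE.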