
Sorry for the bad title, couldn't come up with anything better.

I have a PHP query to my database like:

```php
$results = $db->query("SELECT shopname, image, price, location FROM shops WHERE shopname LIKE '%" . $_GET["shopname"] . "%'");
```

and it works fine, but I'd like it to have more like:

```php
$results = $db->query("SELECT shopname, image, price, location FROM shops WHERE shopname LIKE '%" . $_GET["shopname"] . "%' OR location LIKE '%" . $_GET["location"] . "%'");
```

but that "OR" part somehow keeps staying inside some quotes and thus giving me:

Notice: Undefined index: location in C:\xampp\htdocs\harj\app.php on line 13.

I'm sure this is just some oversight by me, but after spending a long time here wondering what's wrong, any help would be appreciated.

rikuw
  • Could you please post the rest of the code. Also, PLEASE don't insert a $_GET variable directly into your query without escaping it first - you're asking to be hacked! – danmullen Oct 06 '14 at 15:16
  • `$_GET["location"]` is not defined, or no value is passed to it. Is your link like this: `test.php?shopname=shop&location=Hawaii` ? – Alex Szabo Oct 06 '14 at 15:16
  • Thank you danmullen for pointing out to not put $_GET in my query! And Alex yes the issue was that there was no value passed to location. So problem solved, stupid me! – rikuw Oct 06 '14 at 15:21
  • If you're using PDO, you'll absolutely want to use the [prepared statements](http://php.net/manual/en/pdo.prepare.php) feature. What you're doing here is reckless and asking for trouble. – tadman Oct 06 '14 at 15:58
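
The approach the comments point to, as an added example that is not part of the original thread: the same search written with PDO prepared statements, where a missing `location` parameter is skipped instead of raising the "Undefined index" notice. It assumes `$db` is a PDO handle; the in-memory SQLite table and its rows are constructed sample data, and `likePattern`, `searchShops` and the `!` escape character are names and choices made for this illustration.

```php
<?php
// Assumption: PDO with the SQLite driver; this table stands in for the real `shops`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE shops (shopname TEXT, image TEXT, price REAL, location TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO shops VALUES
    ('Surf Shack', 'surf.png', 10.0, 'Hawaii'),
    ('Snow Hut', 'snow.png', 20.0, 'Lapland'),
    ('100% Cotton', 'cotton.png', 5.0, 'Helsinki')");

// Escape LIKE wildcards so that % and _ typed by the user match literally.
function likePattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Build the WHERE clause only from the filters that were actually supplied.
function searchShops(PDO $db, array $input): array
{
    $clauses = [];
    $params = [];
    foreach (['shopname', 'location'] as $field) { // fixed allow-list of columns
        $value = $input[$field] ?? '';             // absent key: no notice
        if (is_string($value) && $value !== '') {  // also rejects ?shopname[]=x
            $clauses[] = "$field LIKE :$field ESCAPE '!'";
            $params[":$field"] = likePattern($value);
        }
    }
    if ($clauses === []) {
        return []; // no filter supplied, so nothing to search for
    }
    $sql = 'SELECT shopname, image, price, location FROM shops WHERE '
         . implode(' OR ', $clauses);
    $stmt = $db->prepare($sql); // user input travels only as bound values
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In app.php the call would be searchShops($db, $_GET).
print_r(searchShops($db, ['shopname' => 'shack']));                       // location absent
print_r(searchShops($db, ['shopname' => '%']));                           // literal percent sign
print_r(searchShops($db, ['shopname' => 'x', 'location' => "' OR '1'='1"])); // quotes stay data
```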
