1

This is my first PHP application I've ever made; I started learning PHP this week, so don't kill me, ok? ;)

I'm trying to use this script to find which DJs in our database are available. For some reason, when I manually enter the region like:

 'regions' LIKE \'tn_tricities\'

it returns results, but when I enter it like:

 $region = 'tn_tricities'
 ...
 `regions` LIKE \'$region\'

it doesn't return any results. Any idea how to fix this? or if I'm totally going in the wrong direction and this is not the best way to check availability, PLEASE let me know!

The full code:

 $region = $_GET['region'];
 $date = $_GET['date'];

 require "connect.php";
 echo $region;
 $sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM
 `vendors` WHERE `regions` LIKE \'$region\' AND `datesBooked` NOT LIKE
 \'$date\'  AND `datesUnavailable` NOT LIKE \'$date\' ';
Timothy Richard Elliott
  • 173
  • 1
  • 1
  • 10
  • This is what I get straight from PHPMyAdmin: $sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions`, `datesBooked`, `datesUnavailable` FROM `vendors` WHERE `regions` LIKE CONVERT(_utf8 \'tn_tricities\' USING latin1) COLLATE latin1_swedish_ci AND `datesBooked` NOT LIKE CONVERT(_utf8 \'05012015\' USING latin1) COLLATE latin1_swedish_ci AND `datesUnavailable` NOT LIKE CONVERT(_utf8 \'05012015\' USING latin1) COLLATE latin1_swedish_ci'; When I change the quotes on the outside to double-quotes, it doesn't return any results. If you would like to look at the site it's fiestausa.com – Timothy Richard Elliott Apr 23 '15 at 07:15
  • This works: $region = 'tn_tricities'; echo $region; require "connect.php"; echo $region; $sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions`, `datesBooked`, `datesUnavailable` FROM `vendors` WHERE `regions` LIKE \'tn_tricities\' AND `datesBooked` NOT LIKE \'05012015\' AND `datesUnavailable` NOT LIKE \'05012015\' '; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo '
    '.$row["vendorName"]."
    ".'
    '.$row["vendorBio"]."
    "; } But the moment I change it to double quotes, it returns no results. :(     – Timothy Richard Elliott Apr 23 '15 at 07:39

5 Answers5

0

Try this one,

$region = $_GET['region'];
$date = $_GET['date'];

require "connect.php";
echo $region;

$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM `vendors` WHERE `regions` LIKE '$region' AND `datesBooked` NOT LIKE '$date'  AND `datesUnavailable` NOT LIKE '$date' ";
$result = mysql_query($sql);

Hope this works.

Jithin Varghese
  • 2,018
  • 3
  • 29
  • 56
  • This works: $region = 'tn_tricities'; echo $region; require "connect.php"; echo $region; $sql = 'SELECT vendorName, vendorBio, vendorType, regions, datesBooked, datesUnavailable FROM vendors WHERE regions LIKE \'tn_tricities\' AND datesBooked NOT LIKE \'05012015\' AND datesUnavailable NOT LIKE \'05012015\' '; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo '
    '.$row["vendorName"]."
    ".'
    '.$row["vendorBio"]."
    "; } But the moment I change it to double quotes, it returns no results. :(     – Timothy Richard Elliott Apr 23 '15 at 07:39
0

You are using single quotes ('). Variables will not be parsed. Either bring your variables outside of your quotes, or use double quotes (").

$sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM
 `vendors` WHERE `regions` LIKE \'' . $region . '\' AND `datesBooked` NOT LIKE
 \'' . $date . '\'  AND `datesUnavailable` NOT LIKE \'' . $date . '\' ';
// OR
$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM
 `vendors` WHERE `regions` LIKE '$region' AND `datesBooked` NOT LIKE
 \'$date\'  AND `datesUnavailable` NOT LIKE '$date' ";

Also beware of SQL injections.

Community
  • 1
  • 1
vdwijngaert
  • 1,515
  • 11
  • 24
  • This works: $region = 'tn_tricities'; echo $region; require "connect.php"; echo $region; $sql = 'SELECT vendorName, vendorBio, vendorType, regions, datesBooked, datesUnavailable FROM vendors WHERE regions LIKE \'tn_tricities\' AND datesBooked NOT LIKE \'05012015\' AND datesUnavailable NOT LIKE \'05012015\' '; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo '
    '.$row["vendorName"]."
    ".'
    '.$row["vendorBio"]."
    "; } But the moment I change it to double quotes, it returns no results. :(     – Timothy Richard Elliott Apr 23 '15 at 07:39
0

single quotation does not allow you to use variables inside. instead use double quotes:

$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM
 `vendors` WHERE `regions` LIKE \'$region\' AND `datesBooked` NOT LIKE
 \'$date\'  AND `datesUnavailable` NOT LIKE \'$date\' ";
niyou
  • 875
  • 1
  • 11
  • 23
  • This works: $region = 'tn_tricities'; echo $region; require "connect.php"; echo $region; $sql = 'SELECT vendorName, vendorBio, vendorType, regions, datesBooked, datesUnavailable FROM vendors WHERE regions LIKE \'tn_tricities\' AND datesBooked NOT LIKE \'05012015\' AND datesUnavailable NOT LIKE \'05012015\' '; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo '
    '.$row["vendorName"]."
    ".'
    '.$row["vendorBio"]."
    "; } But the moment I change it to double quotes, it returns no results. :(     – Timothy Richard Elliott Apr 23 '15 at 07:41
0

That's because of the difference between Single Quotes and Double Quotes.

Single Quotes do not "read" variables inside them and just print what you write. Double Quotes instead read the variable value and replace the string you've wrote with them.

Little example:

$var = "Hello";

echo "$var";
//prints Hello
echo '$var';
// prints $var

So simply enclose your query in double quotes and everything should work fine:

$sql = "SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM `vendors` WHERE
`regions` LIKE \'$region\' AND `datesBooked` NOT LIKE \'$date\'  AND `datesUnavailable`
NOT LIKE \'$date\'";
Realitätsverlust
  • 3,941
  • 2
  • 22
  • 46
  • That still doesn't seem to return any results :( I copied and pasted straight from your example, and it works when I put tn_tricities in, but when I change it to LIKE \'$region\' it doesn't work :( – Timothy Richard Elliott Apr 23 '15 at 07:01
  • This works: $region = 'tn_tricities'; echo $region; require "connect.php"; echo $region; $sql = 'SELECT vendorName, vendorBio, vendorType, regions, datesBooked, datesUnavailable FROM vendors WHERE regions LIKE \'tn_tricities\' AND datesBooked NOT LIKE \'05012015\' AND datesUnavailable NOT LIKE \'05012015\' '; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo '
    '.$row["vendorName"]."
    ".'
    '.$row["vendorBio"]."
    "; } But the moment I change it to double quotes, it returns no results. :(     – Timothy Richard Elliott Apr 23 '15 at 07:39
0

Please do not use direct variables for mysql queries. Someone can submit ; DELETE * FROM TABLE; or any arbitrary mysql code as the date or region and can do very evil things to your server. Please use an escape function such as mysqli_real_escape_string.

I would recommend:

$sql = 'SELECT `vendorName`, `vendorBio`, `vendorType`, `regions` FROM
 `vendors` WHERE `regions` LIKE \'' . $region . '\' AND `datesBooked` NOT LIKE
 \'' . mysqli_real_escape_string($date) . '\'  AND `datesUnavailable` NOT LIKE \'' . real_escape_string($date) . '\' ';

Please read up more about sql injection - http://en.wikipedia.org/wiki/SQL_injection.

PressingOnAlways
  • 11,948
  • 6
  • 32
  • 59
  • This works: $region = 'tn_tricities'; echo $region; require "connect.php"; echo $region; $sql = 'SELECT vendorName, vendorBio, vendorType, regions, datesBooked, datesUnavailable FROM vendors WHERE regions LIKE \'tn_tricities\' AND datesBooked NOT LIKE \'05012015\' AND datesUnavailable NOT LIKE \'05012015\' '; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { echo '
    '.$row["vendorName"]."
    ".'
    '.$row["vendorBio"]."
    "; } But the moment I change it to double quotes, it returns no results. :(     – Timothy Richard Elliott Apr 24 '15 at 01:01