0
$sql="SELECT * FROM Users WHERE '$searchType' = '$search'";

searchType is the column and search is what I want to search for.

I have checked my form and it is posting the values but failing when it gets to my sql.

Successfully connected to the database Types: - cusNamevalue: - Fred0 search results

<form id="form1" name="form1" method="POST" action="search.php">

<p>
  <label for='name' >Search for a customer: </label>
  <input type='text' name='search' id='customername' maxlength="45" required/>
</p>
<input type="hidden" name="searchType" value="cusName"/>
<input type='submit' name='submit' value='Submit'/>

</form>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
RevHawk
  • 1
  • 1

1 Answers1

0

It is not the very best practice to use not binded parameters in query string. But just to resolve the current problem you should replace single quotes to backticks around the column name:

 $sql="SELECT * FROM Users WHERE `$searchType` = '$search'";
Alex
  • 16,739
  • 1
  • 28
  • 51
  • This is not working! `$sql="SELECT * FROM Users WHERE `$searchType` = '$search'";` generates `SELECT * FROM Users WHERE ``cusName`` = 'wrf'` – RevHawk May 15 '15 at 00:14
  • I had to double quote cusName to get it to highlight it as code! I then manually put the sql in myPHPadmin to test it and it returns the result. – RevHawk May 15 '15 at 00:20
  • cusName wrf cusAddress werw cusPostcode rwerw cusTel 43525 cusEmail rer@hot.com – RevHawk May 15 '15 at 00:26