```js
$(document).ready(function(){
    $('input.phonebook_user').phonebook_user({
        name: 'phonebook_user',
        remote:'search.php?type=PHONEBOOK&key=%QUERY%',
        limit : 10
    });
});
```

and

```html
<form method="post">
<table border="0">
<tr>
<td><input type="text" name="phonebook_name" placeholder="PhoneBook Name" required /></td>
</tr>
<tr>
<td><input type="text" name="phonebook_user" class="typeahead tt-query" autocomplete="off" spellcheck="false" placeholder="Type username to manage phonebook"></td>
</tr>
<tr>
<td><button type="submit" name="com_btn-phbook-create">Create PhoneBook</button></td>
</tr>
</table>
</form>
```

and

```php
$TYPE=$_GET['TYPE']; // user or company
if($TYPE=="USER") {
    $KEY=$_GET['key'];
    $array = array();
    $query=mysql_query("SELECT * FROM `users` WHERE `email` LIKE '%{$key}%'");
    while($row=mysql_fetch_assoc($query))
        {
            $array[] = $row['email'];
        }
    echo json_encode($array);
}
else if($TYPE=="COMPANY") {
    $KEY=$_GET['key'];
    $array = array();
    $query=mysql_query("SELECT * FROM `company` WHERE `company` LIKE '%{$key}%'");
    while($row=mysql_fetch_assoc($query))
        {
            $array[] = $row['name'];
        }
    echo json_encode($array);
}
else if($TYPE=="PHONEBOOK") {
    $KEY=$_GET['key'];
    $array = array();
    $query=mysql_query("SELECT * FROM `users` WHERE `username` LIKE '%{$key}%'");
    while($row=mysql_fetch_assoc($query))
        {
            $array[] = $row['user_id'];
        }
    echo json_encode($array);
}
```

I'm trying to pull the e-mail of a user name that is getting typed and the box does not seem to show the drop down list of user names to select when you start to type in a user name. Just curious where I am going wrong with this code.

My goal is so that a user types in a user name, the drop down list shows possible matches and when you select that name, it pulls their e-mail which is then submitted to another query.

I had it working when I was just using ?key=%QUERY% in the javascript.

Am I doing my if and else statements wrong?

Jason
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Aug 05 '15 at 12:48
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Aug 05 '15 at 12:48
  • Use SELECT * FROM `users` WHERE `username` LIKE '%$key%'. Remove { and } from query – Santosh Jagtap Aug 05 '15 at 12:51
  • The curly braces in the queries are just fine @SantoshJagtap – Jay Blanchard Aug 05 '15 at 12:52
  • It's an AJAX call to a PHP file, sending data through the URL. Used GET, which is correct – Santosh Jagtap Aug 05 '15 at 12:53
  • You're using `type` in lowercase to pass from jQuery, while when you are getting it in PHP you are using `$_GET['TYPE']`, `type` in uppercase? – Hirdesh Vishwdewa Aug 05 '15 at 12:57

1 Answer


Thought that the problem is due to %. Sending the search string enclosed in %

```js
remote:'search.php?type=PHONEBOOK&key=%QUERY%',
```

And also enclosed it in % in the query

```sql
SELECT * FROM `users` WHERE `email` LIKE '%{$key}%'
```

Also check the case of the variables: 'type' in the URL and `$_GET['TYPE']` in the PHP code, also `$KEY` and `$key`

Santosh Jagtap
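A hardened form of the `search.php` endpoint from the question, added here as an example and not part of the original post or answer: it reads the same lowercase `type` and `key` parameters the typeahead URL sends, takes table and column names from a fixed allow-list, and binds the search term through a PDO prepared statement as the comments recommend. The in-memory SQLite database, the sample rows, the `SEARCHES` map and the `search()` function are assumptions made so the block runs stand-alone; on MySQL, backslash is already the default `LIKE` escape character, so the `ESCAPE` clause can be dropped.

```php
<?php
// Added example. Constructed in-memory SQLite rows stand in for the page's MySQL tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER, username TEXT, email TEXT)');
$pdo->exec('CREATE TABLE company (name TEXT, company TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'jason', 'jason@example.test'),
    (2, 'jay_b', 'jay@example.test'), (3, 'jayxb', 'jayx@example.test')");

// Allow-list (hypothetical name): each accepted type maps to fixed identifiers
// taken from the question's queries. Identifiers cannot be bound as
// parameters, so they must never come from the request.
const SEARCHES = [
    'USER'      => ['table' => 'users',   'match' => 'email',    'return' => 'email'],
    'COMPANY'   => ['table' => 'company', 'match' => 'company',  'return' => 'name'],
    'PHONEBOOK' => ['table' => 'users',   'match' => 'username', 'return' => 'user_id'],
];

function search(PDO $pdo, array $get): array
{
    // Same lowercase keys the typeahead URL sends: ?type=...&key=...
    $type = is_string($get['type'] ?? null) ? strtoupper($get['type']) : '';
    $key  = is_string($get['key'] ?? null) ? $get['key'] : '';
    if (!isset(SEARCHES[$type]) || $key === '') {
        return [];   // unknown type or empty term: valid, empty JSON array
    }
    $s = SEARCHES[$type];
    // Escape LIKE metacharacters so % and _ typed by the user match literally.
    $pattern = '%' . addcslashes($key, '\\%_') . '%';
    $stmt = $pdo->prepare(
        "SELECT {$s['return']} FROM {$s['table']}
         WHERE {$s['match']} LIKE :p ESCAPE '\\' LIMIT 10"
    );
    $stmt->execute([':p' => $pattern]);   // term travels as data, never as SQL text
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

header('Content-Type: application/json');
// "jay_" matches only the username containing a literal underscore.
echo json_encode(search($pdo, ['type' => 'PHONEBOOK', 'key' => 'jay_'])), "\n";
// A quote in the term would break the string-built query; here it is just data.
echo json_encode(search($pdo, ['type' => 'USER', 'key' => "o'neil"])), "\n";
```

In a deployed endpoint the two demonstration calls would be replaced by a single `echo json_encode(search($pdo, $_GET));`.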