0

I can't understand what is wrong with this query.

For example: From table names I want to get all records which match string Hound, like hound, Hound 1.2.3, HoundChat, hound version 5.0.2.6, HOUND ver.7.4.4(1536).

Also, string I'll get from $nameid which is associated with column name in table names.

$files = mysql_query("SELECT * FROM names WHERE name LIKE '$nameid%'") or die(mysql_error());
$i=1;  while($row=mysql_fetch_array($files)) {
echo "<a href=\"/files/$row[1]\>";
$i++;

UPDATE: I've get success with $nameid= substr($_GET['name'],0,5); Which get only 5 characters from variable and works for me.

creeds
  • 25
  • 4
  • 1
    Please stop using the _deprecated_ mysql functions and move to either `mysqli` or `PDO` – DirtyBit Sep 26 '15 at 17:55
  • What is the error you gets ? – Yogus Sep 26 '15 at 18:01
  • what is the value of $nameid when you run the query? try to echo it... – Julio Soares Sep 26 '15 at 18:01
  • @HawasKaPujaari Can I use mysqli functions with mysql function at same time but on different queries. – creeds Sep 26 '15 at 18:17
  • @Julio Soares Value of $nameid are: many records like Hound, hound 1.2.3, HOUND 5,6,7. – creeds Sep 26 '15 at 18:18
  • no... I meant... `echo "SELECT * FROM names WHERE name LIKE '$nameid%'";` prints what? – Julio Soares Sep 26 '15 at 18:20
  • @creeds No, both are different. It isn't hard to learn mysqli. Give it a firm try! – DirtyBit Sep 26 '15 at 18:20
  • @creeds, a simple fix should be to replace your query with this one `"SELECT * FROM names WHERE name LIKE '%$nameid%'"` However, I strictly urge to move to either `mysqli` or `PDO` – DirtyBit Sep 26 '15 at 18:24
  • @Julio Soares What's the difference between mysql and mysqli Is there any positive sides or queries are more sinless. – creeds Sep 26 '15 at 18:24
  • In another answer I've asked: If I run query with string Hound, every record where's matches strings Hound returns records.But If run for e.g. Hound 5.6.7 only Hound 5.6.7 returns. – creeds Sep 26 '15 at 18:26
  • @creeds they are different libraries... the most objective thing is mysql_ is deprecated which means your code is stuck with the version your server has now. If/when it changes your code is no longer running. Apart that msqli or pdo can do more (like srunning stored procedures) and can be safer than mysql_ – Julio Soares Sep 26 '15 at 18:30
  • @Julio Soares I need to rewrite all queries :( I've tried with convertor from mysql to mysqli but unfortunately without success. – creeds Sep 26 '15 at 18:32
  • But this is the correct behaviour @Creed... if you ask it to search for hound 5..6.7 you are asking for a more restrictive filtering. 'Hound' is not like Hound 5.6.7, hound blue is not like Hound 5.6.7 and so on. Your query is then running perfectly fine – Julio Soares Sep 26 '15 at 18:33
  • Think that if your projrct is a success and you are going to be around for a while you will have to do it anyway. if not now, soon. check your priorities and do it when possible. These guys are only trying to alert you that 1 this is going to stop working 2 it is all unsafe as it is right now – Julio Soares Sep 26 '15 at 18:37
  • @Julio Soares I'm newbie I've running from mysql I need lear for mysqli or PDO now thanks for advice.I believe it's not hard to switch to mysqli. In my question I've added my solution for this thing. – creeds Sep 26 '15 at 18:48
  • If I rewrite mysql to mysqli will performs same queries like on mysql. Which one to prefer mysqli or PDO ? – creeds Sep 26 '15 at 18:55

2 Answers2

0

Try as below :

$files = mysql_query("SELECT * FROM names WHERE name LIKE '".$nameid."%'") or die(mysql_error());
AnkiiG
  • 3,468
  • 1
  • 17
  • 28
  • Please don't use the _deprecated_ mysql functions. – DirtyBit Sep 26 '15 at 18:19
  • hile this code block may answer the OP's question, this answer would be much more useful if you explain how this code is different from the code in the question, what you've changed, why you've changed it and why that solves the problem without introducing others. – Mifeet Sep 26 '15 at 21:03
0

I assume from your question $nameid is a variable which will have the value hound. You just need to handle the case-insensitive aspect of your query.

Also, You should use prepared statements to prevent sql injection, for example with PDO:

$st = $db->prepare("SELECT * FROM names WHERE name COLLATE UTF8_GENERAL_CI LIKE ?");
$st->execute(array($nameid.'%'));

See explanation of the COLLATE part of the statement here.

Community
  • 1
  • 1
leeor
  • 17,041
  • 6
  • 34
  • 60
  • I've got this error: Fatal error : Call to a member function prepare() on string in C:\xampp\htdocs\index.php on line 221 – creeds Sep 26 '15 at 18:16