0

I'm having difficulty querying my database using form input for a name. I'm also having to query using between dates and results, both conditions which work just fine. It's only for searching player names that the database craps out and fails to display anything. The if-statements are nested, but there is another before this piece of code which holds the WHERE part of the statement. Like I said, it works just fine for my other two conditionals. It just doesn't like the WHERE...LIKE for some reason I can't figure out.

Can someone verify if this code should work as I think it should?

$c = "player1 LIKE '%" . $playerName . "%'";

Where $c is used in a query command if the if-statement is true (Which in this case is if $playerName is true). $playerName comes from form input.

user3399963
  • 11
  • 1
  • 6
  • I don’t understand your problem, but you are vulnerable to SQL injections. So if you are unaware of this: please read here http://stackoverflow.com/q/60174/1037640 – DerVO Feb 18 '16 at 13:49
  • can you check the php error log and post what's inside? Also, I hope you are performing all necessary escapes/checks on that form input before querying the database – Nadir Feb 18 '16 at 13:50
  • The query-part should work, if `$playerName` is a) non-empty b) properly escaped c) the query onto which it is appended ends with a blank. It would be helpful to post the error message of the database. Also, `$playerName` should be secured against SQL injection, as @DerVO mentioned. (My guess would be that there is a blank missing before _player1_.) – syck Feb 18 '16 at 13:51
  • This is for a school assignment, and we haven't gotten to validation just yet. I would like to post error messages but I don't have any which I think is due to how the server is configured. – user3399963 Feb 18 '16 at 13:59
  • If you include something like `if($err=$conn->error) echo '
    '.$err.'
    '.$sql.'
    ';` after executing the query you should be able to see what MySQL thinks about the query. (Probably your connection variable is different from $conn. And the syntax may be a bit different if you use PDO instead of mysql. But I hope you get the idea.)     – syck Feb 18 '16 at 17:07

0 Answers0