1

This is my code to output a row from table

if (empty($_GET['artist']))
    exit;
$q = $_GET["artist"];

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT artistName FROM artists WHERE (artistName LIKE '".$q."%')";
$sth = mysqli_query($conn, $sql);
$json = mysqli_fetch_all ($sth, MYSQLI_ASSOC);
echo json_encode($json);
$conn->close();

Now the table contains columns of various sizes, if I do this

$sql = "SELECT * FROM artists WHERE (artistName LIKE '".$q."%')";

Network Inspect in Chrome says failed to load response data

but if I do this

$sql = "SELECT artistName, ... FROM artists WHERE (artistName LIKE '".$q."%')";

It outputs the data just fine.

Please tell me what am I doing wrong.

I'm working on Apache server, just FYI.

equitharn
  • 3,453
  • 2
  • 14
  • 17
  • http://stackoverflow.com/questions/1262376/is-there-a-limit-on-how-much-json-can-hold – Fabio Gonzaga Sep 06 '16 at 20:22
  • @FabioGonzaga I don't think it answers my question – equitharn Sep 06 '16 at 20:24
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Sep 06 '16 at 21:13
  • 1
    @tadman Thank you so much for pointing it out! I'll make the necessary changes ASAP – equitharn Sep 06 '16 at 21:18

0 Answers0