-4

I try to extract data from database below, and as a result, for example, as below is low risk, I want to show an image and, at average risk, another image. But it does not work. What is wrong?

<?php

if ($_POST) {
    $ara = $_POST["ara"];

    $sorgu = mysqli_query($baglan, "select Risk from wanbetaler where BTW like '%$ara%'");
    if (empty($ara)) {
        echo 'GEEN RESULTAAT';
    } else {
        if (mysqli_num_rows($sorgu) > 0) {
            while ($kayit = mysqli_fetch_array($sorgu)) {
                if ($kayit = "Low risk") {

                    echo '<center> <img src="groen.jpg" class="center" /></center>';

                } elseif ($kayit = "Average risk") {

                    echo '<center> <img src="oranje.JPG" class="center" /></center>';

                }

            }
        } else {
            echo 'GEEN RESULTAAT';
        }
    }
} else {

}
?>
Masivuye Cokile
  • 4,754
  • 3
  • 19
  • 34
user8296629
  • 3
  • 1
  • "Does not work" - what does it do – clearshot66 Jul 12 '17 at 14:58
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 12 '17 at 15:01

1 Answers1

0

couple things.

  1. you're comparing an array, use $kayit[0] or $kayit['Risk']

  2. you're using the wrong operator. You need to use == in the comparisons.

Qirel
  • 25,449
  • 7
  • 45
  • 62
bones
  • 808
  • 3
  • 10
  • 23