-3

I have a tracking no. 1Z981Y1ED342132798. When I run the search query directly in phpMyAdmin it shows the result, but when I run the following through PHP the result does not show. I am sending the field value via the GET method when submitting my search form. My code is as follows:

<?php
    // Query as posted: the request value is concatenated directly into the SQL string.
    $test_qry = mysql_query("Select * from `table_name` where `tracking_no` like '%".$_REQUEST['srch']."%'");
?>

<form name="search_form" action="" method="get">
<td>Search:</td>
<td>
 &nbsp;&nbsp;<input type="text" name="srch" value="<?php echo $_REQUEST['srch']; ?>">       </td>
<td>
 &nbsp;&nbsp;<input type="submit" name="Search" value="Search">     </td>
</form>

Very weird issue, tried a lot, any help will be appreciated. Thanks!

  • 2
    Please, send us the PHP code also... – z3nth10n Aug 25 '17 at 18:42
  • Also, https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – AbraCadaver Aug 25 '17 at 18:43
  • 4
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Aug 25 '17 at 18:43
  • 4
    There's nothing that you've shown so far that would indicate why it isn't working. Please try to create a [mcve] and edit your question to include that. – Don't Panic Aug 25 '17 at 18:43
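
The prepared, parameterized form of the question's `LIKE` search that the comments above recommend, as an added example that is not code from the question or its answers. It uses mysqli, since the `mysql_*` functions in the question were removed in PHP 7.0; the connection details are placeholders, `escape_like()` and `find_by_tracking_no()` are hypothetical helpers, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example. Host, credentials and database name below are placeholders.
// Throw exceptions on database errors so a failed query is not silently empty.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Escape LIKE metacharacters so the search term is matched literally. */
function escape_like(string $term): string
{
    // Backslash is MySQL's default LIKE escape character, so it goes first.
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
}

/** Return all rows whose tracking_no contains $term. */
function find_by_tracking_no(mysqli $db, string $term): array
{
    // The SQL text is fixed; the user value travels only as a bound parameter.
    $stmt = $db->prepare('SELECT * FROM `table_name` WHERE `tracking_no` LIKE ?');
    $pattern = '%' . escape_like($term) . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// The form uses method="get", so read the value from $_GET only.
$srch = trim((string) ($_GET['srch'] ?? ''));

if ($srch !== '') {
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $db->set_charset('utf8mb4');

    foreach (find_by_tracking_no($db, $srch) as $row) {
        // Encode on output so stored values cannot inject markup into the page.
        echo htmlspecialchars($row['tracking_no'], ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```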

1 Answer

-1

There is a convention error in your code

like '%".$_REQUEST['srch']."%')

Try replacing $_REQUEST['srch'] with $srch variable.

$srch = $_REQUEST['srch'];