0

I'm having real trouble with this PHP code:

 <?php 
        $sessionid = $_SESSION['id'];
        echo $sessionid;

        $sql = "SELECT * FROM users WHERE id = '$sessionid';";
        $rsults = mysqli_query($conn, $sql);
        $resultsCheck = mysqli_num_rows($rsults);
        if ($resultsCheck > 0) {
            while ($row = mysqli_fetch_assoc($rsults)){
                $follow = $row['follow'];
                $loc = $row['places'];
                echo $follow;
                echo $loc;
            }
        }
    $sql = "SELECT * FROM posts WHERE username LIKE '$follow'";
    $rsults = mysqli_query($conn, $sql);
    $resultsCheck = mysqli_num_rows($rsults);
    if ($resultsCheck > 0) {
        while ($row = mysqli_fetch_assoc($rsults)){
            echo '<div class="posts">';
            echo '<img class="img"src='.$row['img'].' width="1500px">';
            echo '</div>';
            echo '<div class="contain">';
            echo '<div class="over">';
            echo '<div class="username2">';
            echo '<img src="focus.png" width="25px" height="25px" style="padding-right: 10px;">'.'<a href="./Profile.php?data='.$row['username'].'">'.$row['username'].'</a>'.'<img src="loc.png" width="25px" height="25px" style="padding-right: 5px; padding-left: 10px;">'.'<a href="./Location.php?data='.$row['ext'].'">'.$row['ext'].'</a>';
            echo '</div>';
            echo '<div class="content">';
            echo $row['content'];
            echo '</div>';         
            echo '</div>';
        }
    }else {
        echo "There are no results matching your search!";
}
?>

It will output the variables from the first select statement, but the second statement only outputs "There are no results matching your search!". I have tried the statement with the actual words (not variables) in phpMyAdmin and it works well; however, when it is on the site... nothing. I guess it's something to do with the variables, but really I have no idea, so any help will be appreciated! Thanks so much (and I know variables are open to SQL injection, but this site is just a proof of concept :)

  • You're overwriting the variables each time through the `while` loop. When you do the next query, `$follow` and `$loc` will just contain the values from the last row that was returned by the query. – Barmar Oct 07 '18 at 04:03
  • Besides the [SQL injection](http://php.net/manual/en/security.database.sql-injection.php) issue ([see fix](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)), did you mean `username = '$follow'` instead of `username LIKE '$follow'` for all results for the last `$follow` user found from the first query? – Tigger Oct 07 '18 at 04:04
  • There's also no need to use two queries, just join the `users` and `posts` tables in a single query. – Barmar Oct 07 '18 at 04:06
  • @Tigger If the value has no wildcards in it, `LIKE` is the same as `=`. – Barmar Oct 07 '18 at 04:08
  • What Barmar is trying to tell you is to add `%$yourvar%` – Bobby Axe Oct 07 '18 at 04:40
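
The two suggestions in the comments above (a single JOIN instead of two queries, and the linked SQL injection fix) combined, as an added example that is not part of the original thread; it also escapes the database values it echoes into HTML. To run stand-alone it uses PDO with an in-memory SQLite database and constructed rows. The table layout is assumed from the column names in the question, `follow` is assumed to hold one username, and `fetchFollowedPosts` and `renderPost` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Schema is assumed from the column
// names on the page; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, follow TEXT, places TEXT)");
$db->exec("CREATE TABLE posts (username TEXT, img TEXT, ext TEXT, content TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice', 'Paris')");
$db->exec("INSERT INTO posts VALUES
    ('alice', 'a.png', 'Paris', 'Hello <b>world</b>'),
    ('bob',   'b.png', 'Rome',  'not followed')");

// One query: join users to posts, with the session id bound as a parameter
// instead of being interpolated into the SQL string.
function fetchFollowedPosts(PDO $db, int $sessionId): array
{
    $stmt = $db->prepare(
        'SELECT p.username, p.img, p.ext, p.content
           FROM users u
           JOIN posts p ON p.username = u.follow
          WHERE u.id = :id'
    );
    $stmt->execute([':id' => $sessionId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape every database value for its output context: HTML text and attribute
// values with htmlspecialchars(), query-string values with rawurlencode().
function renderPost(array $row): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="posts"><img class="img" src="' . $h($row['img']) . '" width="1500"></div>'
         . '<div class="contain"><div class="over"><div class="username2">'
         . '<a href="./Profile.php?data=' . $h(rawurlencode($row['username'])) . '">' . $h($row['username']) . '</a> '
         . '<a href="./Location.php?data=' . $h(rawurlencode($row['ext'])) . '">' . $h($row['ext']) . '</a>'
         . '</div><div class="content">' . $h($row['content']) . '</div></div></div>';
}

$sessionId = 1; // stands in for (int) $_SESSION['id']
$posts = fetchFollowedPosts($db, $sessionId);
if ($posts === []) {
    echo "There are no results matching your search!";
}
foreach ($posts as $row) {
    echo renderPost($row), "\n";
}
```

With mysqli the same query is prepared with `mysqli_prepare()` and the id bound with `mysqli_stmt_bind_param()`.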

2 Answers

0

For your second SQL statement you need to use % in conjunction with the LIKE operator. % - The percent sign represents zero, one, or multiple characters.

For a deeper understanding you can follow this link: SQL LIKE Operator

Change your second SQL statement like the following. I think it will work as you expect.

$sql = "SELECT * FROM posts WHERE username LIKE '%$follow%'";
Mahbubul Islam
0

Try this, I made a few adjustments, so it could work

<?php 
        $sessionid = $_SESSION['id'];
        echo $sessionid;

        $sql = "SELECT * FROM users WHERE id = '".$sessionid."'";
        $rsults = mysqli_query($conn, $sql);
        $resultsCheck = mysqli_num_rows($rsults);
        if ($resultsCheck > 0) {
            while ($row = mysqli_fetch_array($rsults)){
                $follow = $row['follow'];
                $loc = $row['places'];
                echo $follow;
                echo $loc;
            }
        }
    $sql = "SELECT * FROM posts WHERE username LIKE '".$follow."'";
    $rsults = mysqli_query($conn, $sql);
    $resultsCheck = mysqli_num_rows($rsults);
    if ($resultsCheck > 0) {
        while ($row = mysqli_fetch_array($rsults)){
            echo '<div class="posts">';
            echo '<img class="img"src='.$row['img'].' width="1500px">';
            echo '</div>';
            echo '<div class="contain">';
            echo '<div class="over">';
            echo '<div class="username2">';
            echo '<img src="focus.png" width="25px" height="25px" style="padding-right: 10px;">'.'<a href="./Profile.php?data='.$row['username'].'">'.$row['username'].'</a>'.'<img src="loc.png" width="25px" height="25px" style="padding-right: 5px; padding-left: 10px;">'.'<a href="./Location.php?data='.$row['ext'].'">'.$row['ext'].'</a>';
            echo '</div>';
            echo '<div class="content">';
            echo $row['content'];
            echo '</div>';         
            echo '</div>';
        }
    }else {
        echo "There are no results matching your search!";
}
?>