$query = $_POST["name"];
$mob = $_POST["phone"];
is that this query is correct
$sql="SELECT * FROM oath WHERE name='%".$query."%' && phone='%".$mob."%'";
Asked
Active
Viewed 50 times
-2
-
3Do you want `name LIKE '%...` rather than `=` – Nigel Ren Apr 16 '19 at 05:57
-
do i use Like operator ? – shail Apr 16 '19 at 05:58
-
2Have a look at https://stackoverflow.com/questions/18527659/php-mysqli-prepared-statement-like to see how to do it properly with prepared statements. – Nigel Ren Apr 16 '19 at 06:01
-
Thanks its working correctly using "LIKE" operator – shail Apr 16 '19 at 06:05
-
What are you using to execute your queries? PDO or MySQLi? – Phil Apr 16 '19 at 06:05
3 Answers
2
You have at least three issues:
- when you use a wildcard
%, useLIKEoperator to check whether a specific character string matches a specified pattern - replace
&&withANDto combine your boolean expressions (MySQL supports&&operator, but other database engines don't) - always use preprared statements
Your statement:
$sql = "SELECT * FROM oath WHERE name LIKE '%".$query."%' AND phone LIKE '%".$mob."%'";
Prepared statement:
<?php
...
# Input
$name = $_POST["name"];
$phone = $_POST["phone"];
$name = "%$name%";
$phone = "%$phone%";
# Statement
$sql = "SELECT * FROM oath WHERE name LIKE :name AND phone LIKE :phone";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':phone', $phone);
# Execution
$statement->execute();
# Result
$results = $statement->fetchAll(PDO::FETCH_ASSOC);
...
?>
Zhorov
- 28,486
- 6
- 27
- 52
-
1MySQL supports `&&` ~ https://dev.mysql.com/doc/refman/8.0/en/logical-operators.html#operator_and – Phil Apr 16 '19 at 06:04
-
@Phil Yes, thanks for this note. The question has no database tag, so probably using `AND` will be more appropriate here. – Zhorov Apr 16 '19 at 06:08
-
1Heh, I didn't even notice there wasn't a tag but OP most probably is using MySQL. I agree that `AND`, `OR`, etc are more readable but it would be incorrect to say that `&&` is a problem – Phil Apr 16 '19 at 06:10
0
The issue is here:
name='%".$query."%' ... phone='%".$mob."%'"
here you are mixing equality comparison ie = with wild card search ie % which is wrong.
Try this:
$sql = "SELECT * FROM oath WHERE name LIKE '%".$query."%' AND phone LIKE '%".$mob."%'";
and also replace && with AND
Mayank Pandeyz
- 25,704
- 4
- 40
- 59
0
Try This
$sql = "SELECT * FROM oath WHERE name LIKE '%".$query."%' AND phone LIKE '%".$mob."%'";
Phil
- 157,677
- 23
- 242
- 245
Virat Virat
- 41
- 6