Hi guys, I always fail when I try to write with PHP to another PHP file... It always deletes the $con and $result in the new file, but why? Thanks in advance!

Tried to write with fwrite($newfile, $txt); fclose($newfile); into a PHP file but failed...

<?php
$con=mysqli_connect(\"localhost\",\"dbuser\",\"pw\",\"db\");

if (mysqli_connect_errno())
{
echo \"Failed to connect to MySQL: \" . mysqli_connect_error();
}

$result = mysqli_query($con,\"SELECT * FROM me where me_genre like '%$var7%' LIMIT 6\");

while($row = mysqli_fetch_array($result))
{
echo \"</div>\";
}

mysqli_close($con);
?>

$con and $result don't show up in the new file...

Me Mario
  • Please remove all slashes from your code, they are useless. – u_mulder Jun 09 '19 at 13:46
  • I assume this is a text literal which is why the slashes are there - BUT also it is probably doing variable substitution and replacing what it thinks are variables. You will need to escape all of the `$` for the variables - `\$con` etc. – Nigel Ren Jun 09 '19 at 13:52
  • Then I get a 500 error – Me Mario Jun 09 '19 at 13:53
  • @Nigel I will try it, one second – Me Mario Jun 09 '19 at 13:54
  • @Nigel it works now, awesome, thank you!! Now I tried it with echo \"
    \"; but it shows up as echo "
    "; and gives me an error again
    – Me Mario Jun 09 '19 at 14:05
  • How are you creating this string? https://stackoverflow.com/questions/11153049/advantages-inconveniences-of-heredoc-vs-nowdoc-in-php may be of some help. – Nigel Ren Jun 09 '19 at 14:09

1 Answer

Your LIKE condition '%$var7%' is wrong.

To build a valid LIKE condition, you should use concat:

  SELECT * 
  FROM me 
  where me_genre like concat('%',$var7, '%') 
  LIMIT 6

You should not use PHP in SQL code; you are at risk of SQL injection. For this you should take a look at prepared statements and binding params.

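// Placeholder (?) instead of interpolating $var7 into the SQL text
$sql=   "SELECT * 
  FROM me 
  where me_genre like concat('%', ? , '%') 
  LIMIT 6";

$con=mysqli_connect("localhost","dbuser","pw","db");

$stmt = $con->prepare($sql);
// "s" = bind $var7 as a string parameter
$stmt->bind_param("s",$var7);
$stmt->execute();
// Result set for the mysqli_fetch_array($result) loop from the question
$result = $stmt->get_result();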
ScaisEdge
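Added example, not part of the original question or answer: a generator that writes the new PHP file from a nowdoc template, so `$con` and `$result` are written literally (the interpolation issue from the comments), while the generated file uses the bound LIKE parameter from the answer. The `$genre` variable (standing in for `$var7`), the `__GENRE__` placeholder, the sample value and the output path are assumptions made for illustration.

```php
<?php
// Added example: generate a PHP file without losing $con / $result.
// Assumptions (not from the original posts): $genre stands in for $var7;
// the __GENRE__ placeholder and the output path are hypothetical.

$genre   = "rock'n'roll";                 // constructed sample value
$outFile = sys_get_temp_dir() . '/generated_page.php';

// Nowdoc (quoted identifier 'TPL'): no variable interpolation and no
// backslash escaping, so $con, $stmt and $result are written as-is.
$template = <<<'TPL'
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = mysqli_connect("localhost", "dbuser", "pw", "db");

$genre = __GENRE__;
$stmt = $con->prepare(
    "SELECT * FROM me WHERE me_genre LIKE CONCAT('%', ?, '%') LIMIT 6"
);
$stmt->bind_param("s", $genre);
$stmt->execute();
$result = $stmt->get_result();

while ($row = $result->fetch_assoc()) {
    echo "<div>" . htmlspecialchars($row["me_genre"]) . "</div>";
}
$con->close();
TPL;

// var_export() renders the value as a quoted PHP string literal, so a
// quote or "$" inside $genre cannot become code in the generated file.
$code = str_replace('__GENRE__', var_export($genre, true), $template);

if (file_put_contents($outFile, $code . "\n") === false) {
    throw new RuntimeException("could not write $outFile");
}

// Show what was written: the variables are intact, the value is quoted.
echo $code, "\n";
```

The value reaches the database only through `bind_param()`, so it is never part of the SQL text, and it reaches the generated source only as an escaped string literal.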