-2

I have an HTML page that takes multiple input from the useras a numeric code and then displays output in another php page. The data is retrieved from a database table.

my code is not working, can you please help me figure out why?

the php code:

$var1 = "where CODE like '%{$_POST['AGI1']}%'";
$var2 = "where CODE like '%{$_POST['AGI2']}%'";
$var3 = "where CODE like '%{$_POST['AGI3']}%'";
$var4 = "where CODE like '%{$_POST['AGI4']}%'";


$sql = "select * from table $var1" ;
$sql .= "select * from table $var2" ;
$sql .= "select * from table $var3" ;
$sql .= "select * from table $var4" ;

$result = mysqli_query($conn,$sql1, $sql2, $sql3, $sql4);

Thanks in advance, I appreciate all the help. I'm still new to using php so I'm sorry if this is a silly question.

edit:

the code is now the following:

$var1 = "where CODE like '%{$_POST['AGI1']}%' OR CODE like '%{$_POST['AGI2']}%' OR CODE like '%{$_POST['AGI3']}%' OR CODE like '%{$_POST['AGI4']}%' "; 

$sql = "select * from proteinpd $var1;";
$result = mysqli_query($conn,$sql);
.
.
.


while($row = mysqli_fetch_array($result)){

it is showing me the result of all the table and not only for the codes I have chosen. Why so?

INPUT FORM:

<form action="output.php" method="POST" >
<table>
        <div>  
            <h2 > AGI </h2> 
           <p><input name="AGI1"type="text"></p>
           <p><input name="AGI2" type="text"></p>
           <p><input name="AGI3" type="text"></p>
           <p><input name="AGI4" type="text"></p>
           <p> <input type="Submit" value="OK"></p>
            
        </div>  
    </form>

Database table structure:

enter image description here

FlexingWater
  • 45
  • 5
  • 2
    There are multiple issues: - You're concatenating sql queries, but there's no separator between them, like ; - Also the $sql is not used anywhere - The mysqli_query does seem to have different interface (params) - https://www.php.net/manual/en/mysqli.query.php Why not use OR in the where clause? e.g. "where code like 'aaa' or code like 'bbb' ..." – baHI Jul 15 '20 at 09:35
  • 1
    thanks for your reply. I edited my code similar to what you told me so now it looks like this: `$var = "where CODE like '%{$_POST['AGI1']}%' OR CODE like '%{$_POST['AGI2']}%' OR CODE like '%{$_POST['AGI3']}%' OR CODE like '%{$_POST['AGI4']}%' "; $sql = "select * from table $var;" ; $result = mysqli_query($conn,$sql);` but now instead of showing me results for this query, it's showing me results from all the table. Any idea why? Thanks :) – FlexingWater Jul 15 '20 at 09:47
  • you have single input box field or multiple? – KUMAR Jul 15 '20 at 09:49
  • i have multiple input fields in the HTML page, four input fields. – FlexingWater Jul 15 '20 at 09:50
  • so why you make multiple input fields searching for same column `code` ? – KUMAR Jul 15 '20 at 09:55
  • the user inputs different code values, and each code has different values for attributes. For example, if the user inputs code 1 and 2, then i want to display all the relevant information for both codes in a table. – FlexingWater Jul 15 '20 at 09:56
  • use `AND` for that. – KUMAR Jul 15 '20 at 10:08
  • `$var = "where CODE like '%{$_POST['AGI1']}%' AND CODE like '%{$_POST['AGI2']}%' ";` try with & let me know. – KUMAR Jul 15 '20 at 10:52
  • hey KUMAR. I tried using `AND` and the result is an empty table. I don't want `AND` but rather `OR`. However the `OR` is giving me the results of all the table which is also what I don't want. I want only the results from what the user inputs. So code 1 or code 2, then I want the information relating to code 1 and the information for code 2. – FlexingWater Jul 15 '20 at 10:58
  • @FlexingDuck please show us your table structure & input form also. , so we can help you. – KUMAR Jul 15 '20 at 11:16
  • @KUMAR i updated my post to show the form and the table that takes the input. Thanks. – FlexingWater Jul 15 '20 at 11:55
  • @FlexingDuck where is your database table structure?. – KUMAR Jul 15 '20 at 11:57
  • @KUMAR sorry. i just added a screenshot of the table (AGICODE is the same as CODE) – FlexingWater Jul 15 '20 at 12:03

1 Answers1

0

When you are combining your sql queries you need to end each query with a ;.

$sql = "select * from table $var1;" ;
$sql .= "select * from table $var2;" ;
$sql .= "select * from table $var3;" ;
$sql .= "select * from table $var4;" ;

See also how to use mysqli_multi_query instead of mysqli_query.

See the Example#1 in the official documentation. You should also consider to refactor your code to prevent SQL Injections.

Amacado
  • 630
  • 5
  • 20