0

I think i have tried everything, my brain cells is destroyed.

    $order_column = array('doctor_schedule_date', 'doctor_schedule_start_time', 'doctor_schedule_end_time', 'average_consulting_time');
    $main_query = "
    SELECT * FROM doctor_schedule_table
    ";

    $search_query = '
    WHERE doctor_id = "'.$_SESSION["admin_id"].'" AND 
    ';

so it's working fine and thanks on that, but once i'm adding WHERE contact == "123" after AND in the end, it's just stopping working and starting to show me no matching data found i know it's a silly question, but i guess im too stupid to figure it out on myself. Help is optional

Marcus Aurelius
  • 1
  • 3
  • Your SQL query is incomplete. Are you intentionally ending the query on `AND`, or is there more that is not included? Most database engines do not use `==`, as `=` is all that is required. – matigo Jul 19 '21 at 10:39
  • You don't need the second "WHERE" - you need to add " contact = '123'" after the AND, without the extra WHERE keyword. If you test the query in phpmyadmin you'll be able to see the error messages. – droopsnoot Jul 19 '21 at 10:54
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – hakre Jul 19 '21 at 11:16

0 Answers0