-2

I learn about the script autodidact and only PHP and Mysql and i don't know how to tell the things about the name part of script or syntax or anything i just know how to use it and hard to for me find my question from google, please understand me, sorry.

There is possible to filter 2 field firstname and year from 1 database?

  • Condition 1 : When i type firstname by input only, it work, start from refresh first if not go to condition 3.
  • Condition 2 : When i select year by select option only, it work, start from refresf first if not go to condition 3.
  • Condition 3 : When i select year and type by input, it doesn't work.

What i need is, when i select year 2009 and than when i just type 'a' Abdul and Agus selected from database, should only abdul selected from database.

I think the problem is my PHP and Mysql so i focus on them

Here my database directory:

| firstname | status | year  |
|:--------- |:------:| :----:|
| Agus      | Alumni | 2008  |
| Abdul     | Alumni | 2009  |
| David     | Alumni | 2009  |
| Jelita    | Student|       |

and here is mysql query

$sql="SELECT * FROM directory where
status='Alumni' and year Like '%".$q."%' or
status='Alumni' and firstname Like '%".$q."%'";
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Jhon David Albertsius
  • 1
  • 3
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Mar 28 '22 at 11:29

1 Answers1

-2
sql = select * FROM `directory` where `year` = '$year' and `firstname` = '$firstname%'
where $year = '2009' and $firstname = 'a'

this will output

firstname status year
Abdul Alumni 2009
PM 77-1
  • 12,933
  • 21
  • 68
  • 111
benkov
  • 184
  • 9
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 28 '22 at 13:01