Retrieving rows based on a substring on PHP-MySQL

Question

<?php
//$query = $_POST['query'];
$query = 'TI';

$conn = mysql_connect($mysql_host, $mysql_user, $mysql_password);
mysql_select_db($mysql_database, $conn);

$q=mysql_query("SELECT * FROM productTbl WHERE productName = '$query%'");
while($e=mysql_fetch_assoc($q))
    $output[]=$e;

print(json_encode($output));
mysql_close();
?>

My user would have to key in a certain string into a textbox from Android and POST to my PHP. On the PHP side, how do I retrieve the rows according to the POST-ed string, let say the string 'TI' ? I tried this, but it returns null.

your code is vulernabe to sql injection: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php — dynamic, Mar 05 '12 at 10:22

score 2 · Accepted Answer · answered Mar 05 '12 at 10:23

2

Use LIKE:


$query = mysql_real_escape_string($query); //better to be safer
SELECT * FROM productTbl WHERE productName LIKE '$query%'

answered Mar 05 '12 at 10:23

Sudhir Bastakoti

99,167
15
158
162

score 1 · Answer 2 · answered Mar 05 '12 at 10:24

1

Try to use this

$q=mysql_query("SELECT * FROM productTbl WHERE productName LIKE '" . $query . "%'");

answered Mar 05 '12 at 10:24

botzko

630
3
8

score 0 · Answer 3 · answered Mar 05 '12 at 10:24

for wildcards you have to use the like key word, something like:

<?php
//$query = $_POST['query'];
$query = 'TI';

$conn = mysql_connect($mysql_host, $mysql_user, $mysql_password);
mysql_select_db($mysql_database, $conn);

$q=mysql_query("SELECT * FROM productTbl WHERE productName like '$query%'");
while($e=mysql_fetch_assoc($q))
    $output[]=$e;

print(json_encode($output));
mysql_close();
?>

Retrieving rows based on a substring on PHP-MySQL

3 Answers3