I need another set of eyes on this code...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

I need another set of eyes on this code...

Post by orbdrums »

Hey all,

I am trying to use a variable ($lname) passed from a php form in a SQL query with no luck. I have some hyphenated last names in my SQL database that I want to query. If someone could take a look at my code and give me some advice it would be greatly appreciated.

$query = "SELECT * FROM Contacts.AB_Macbook WHERE (`AB_Macbook`.`Last name` LIKE '$lname')";

Thanks in advance.
Dodon
Forum Commoner
Posts: 64
Joined: Wed Aug 03, 2011 4:11 am
Location: Netherlands

Re: I need another set of eyes on this code...

Post by Dodon »

Are you getting an error? No results? What happens if you place the SQL code in phpmyadmin does it result in an error?

Try:

Code: Select all

$query = "SELECT * FROM Contacts.AB_Macbook WHERE (`AB_Macbook`.`Last name` LIKE '%$lname%')";
 
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

That's the weirdest thing. When I run this php code I get different results than when I run it in phpmyadmin. I get the results that I expect in phpmyadmin but it returns a completely different data set when I run this in my php script.
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

Okay I figured out what data set is being returned by my SQL string in my php script. SQL is treating the string as:

Code: Select all

$query = "SELECT * FROM Contacts.AB_Macbook WHERE `Last name` = \"   \"";
Instead of:

Code: Select all

$query = "SELECT * FROM Contacts.AB_Macbook WHERE `Last name` LIKE \"$lname\"";
I believe I need to do something with the variable to strip any "junk" that it may contain. When I display the variable it shows the contents properly however within the SQL string it's not functioning as though the variable contains anything but spaces. Maybe this will help with the diagnosis. Thanks again.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: I need another set of eyes on this code...

Post by Celauran »

Code: Select all

$query = "SELECT foo FROM table WHERE field LIKE '{$varname}'";
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

This may help with suggestions. Here are two lines of code that return different results:

Code: Select all

 echo $lname,'is there anything here?',"<br />";
  echo htmlspecialchars($_POST['lname']),' - SQL request.',"<br />";
Here are the results:
is there anything here?
- - SQL request.
The first line of code shows that $lname is blank.
The second line of code shows that $lname is equal to "-".
Any thoughts?
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: I need another set of eyes on this code...

Post by Celauran »

What does var_dump($lname); show?
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

NULL
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: I need another set of eyes on this code...

Post by Celauran »

The next question, then, is where is $lname defined?
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

In a file called sql-form that calls contacts.php. Here is the code I use to define and capture "lname".

Code: Select all

<form id="SQLForm" name="SQLForm" method="post" action="/contacts.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <th>First Name </th>
      <td><input name="fname" type="text" class="textfield" id="fname" /></td>
    </tr>
    <tr>
      <th>Last Name </th>
      <td><input name="lname" type="text" class="textfield" id="lname" /></td>
    </tr>
    <tr>
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: I need another set of eyes on this code...

Post by Celauran »

This would define $_POST['lname'] but not $lname. $_POST['lname'] also seems to be getting mangled, though. What processing is being done after the form is submitted?
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

Thanks man. We're getting closer. Now I have a string(1) variable $lname = '-'. I want to query my database to pull all records with a last name containing a hyphen. How do I code the wildcard % in my query?

Code: Select all

$query = "SELECT * FROM Contacts.AB_Macbook WHERE `Last name` LIKE '{$lname}'";
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: I need another set of eyes on this code...

Post by Celauran »

Ah, I didn't realize you were only putting - in the lname field.

Code: Select all

$query = "SELECT foo FROM bar WHERE field = '%{$lname}%'";
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

Well you did it. Thanks so much for your help!!
orbdrums
Forum Commoner
Posts: 82
Joined: Wed Sep 14, 2011 11:42 pm

Re: I need another set of eyes on this code...

Post by orbdrums »

Is there a way to include multiple variables in a single query statement? I'm real new with this php and SQL stuff. Thanks man.
Post Reply