1

I am trying to retrieve data from a table based on if the user enters characters in a search bar which match with a variable that holds the description of an item.

I am doing this using MySQL in PHP and this is the retrieval code I have so far:

$ItemDesc = $_POST['ItemDesc'];

$query = "select * from StockItems where ItemDesc LIKE '%$ItemDesc%'";

However I am not getting back the right result, what I am getting back is all the data in the SQL table despite entering unmatching characters all the time.

So e.g. if in the SQL tabel I have one field and the ItemDesc row contains 'Fight', if i enter 'xxx' into the search box and click enter the field will always be retrieved.

Improve this question
3
  • Are you sure $_POST['ItemDesc'] contains a value other than null or an empty string? LIKE '%%' would return all results. Try var_dump($_POST['ItemDesc']) and verify. Commented May 22, 2013 at 17:29
  • Why is the question just TESTs ?? Commented May 30, 2013 at 22:08
  • 1
    Anyone having his kids play with the edit button? Commented May 30, 2013 at 22:09

2 Answers 2

Reset to default
3

You aren't getting your $ItemDesc variable set so to mysql it's looking like

select * from StockItems where ItemDesc LIKE '%%'

Try to print_r or var_dump the contents of $ItemDesc and the $_POST to see where things are falling down. But it would be a good idea to make sure $ItemDesc meets at least some criteria (min length) before issuing the query

Also sanitize the inputs coming from userland

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Doesn't $ItemDesc = $_POST['ItemDesc']; set it?
it will set it assuming the name on the input that posted it is ItemDesc and the form action is post and the user put information in the field. Lot of ands there... best to just make sure
Great, Thanks @Orangepill the problem was my input name was different from the variable. After all it was the html that was wrong :/
-2 
$item = $_POST['itemDesc'];

$result = mysql_query("select * from StockItems where ItemDesc LIKE '%$item%'");

This query is select the result for user assigning character for all places in the itemdesc field.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.