0

This is the code I am using. It only returns queries whose value of $isbn does not start with 0.

The rows with an isbn value like 09913456 are not returned.

The same query in phpMyAdmin works fine.

$isbn = $_GET["isbn"];
$query = 'SELECT * FROM crossword_data WHERE isbn LIKE '.$isbn;
$result = mysqli_query($con,$query);

while($row = mysqli_fetch_array($result))
  {
    echo $row['title'];
  }      

mysqli_close($con);
?>
5
  • 1
    Your code is vulnerable to SQL injection; please consider using PDO for data access. Commented May 12, 2013 at 19:32
  • Please post your database structure. Commented May 12, 2013 at 19:33
  • 1
    What is the field type of the isbn field (varchar / number)? Commented May 12, 2013 at 19:34
  • 1
    I imagine it should be varchar or char due to the leading zeros. Commented May 12, 2013 at 19:34
  • 2
    $isbn = "%;--". And now I have your entire table. Sanitize your inputs. Commented May 12, 2013 at 19:35

2 Answers

1

Please be aware of SQL injection: the user data goes right into your database! Escape it. Otherwise everybody could slow down, read, write or empty your data.

You treat your input like a number, but you mean a string. A number doesn't start with 0.

Solution would be

'SELECT * FROM crossword_data WHERE isbn LIKE "'.$isbn . '"'
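The two points raised above (the unquoted value is parsed as a number, and the input should never reach the query as SQL) can be seen side by side in the following added example, which is not code from the question or the answers. It assumes PDO with an in-memory SQLite database standing in for the MySQL table; the rows and the function names `findConcatenated`, `findExact` and `findByPrefix` are constructed for illustration.

```php
<?php
// Added example with constructed data; SQLite in memory stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE crossword_data (isbn VARCHAR(13), title TEXT)');
$db->exec("INSERT INTO crossword_data VALUES
    ('09913456', 'Leading zero'), ('19913456', 'No leading zero')");

// The question's pattern: input concatenated unquoted, so it is parsed as SQL.
function findConcatenated(PDO $db, string $isbn): array
{
    $sql = 'SELECT title FROM crossword_data WHERE isbn LIKE ' . $isbn;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Exact match with a bound parameter: the value is sent as a string, never as SQL.
function findExact(PDO $db, string $isbn): array
{
    $stmt = $db->prepare('SELECT title FROM crossword_data WHERE isbn = :isbn');
    $stmt->execute([':isbn' => $isbn]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Prefix search: binding stops injection, but % and _ in the value are still
// LIKE wildcards, so they are escaped before the trailing % is appended.
function findByPrefix(PDO $db, string $prefix): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $prefix);
    $stmt = $db->prepare(
        "SELECT title FROM crossword_data WHERE isbn LIKE :p ESCAPE '!' ORDER BY isbn"
    );
    $stmt->execute([':p' => $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(findConcatenated($db, '09913456')); // value parsed as a numeric literal
var_dump(findExact($db, '09913456'));        // value compared as a string
var_dump(findByPrefix($db, '0991'));         // prefix match on the string
var_dump(findByPrefix($db, '%'));            // percent sign treated literally
```

With mysqli the same binding is done through `mysqli_prepare()` and `mysqli_stmt_bind_param()` with the `s` type, which likewise keeps the ISBN a string.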

0
$query = "SELECT * FROM crossword_data WHERE isbn LIKE '%".$isbn."%'";
