0

I know for a fact that the content of inputbox that I'm submitting exists in table1, yet this query:

$check = mysqli_query($con, "SELECT name FROM table1 WHERE name=$_POST[inputbox]");

var_dump($check);

is giving me a bool(false)

What am I doing wrong?

3
  • 2
    You are leaving yourself wide open to SQL injection. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. bobby-tables.com/php has examples to get you started. Commented Jun 11, 2013 at 18:16
  • @AndyLester Thanks for the concern. This will be used only by me locally. It won't be going on the interwebs. Commented Jun 11, 2013 at 18:18
  • 1
    It's probably not a bad idea to build good habits early, though... Commented Jun 11, 2013 at 18:21

3 Answers

2

Maybe try:

$check = mysqli_query($con, "SELECT name FROM table1 WHERE name='".$_POST['inputbox']."'");

3 Comments

+1 but don't forget about mysqli_real_escape_string. However I prefer PDO :)
Cool, doing that gave me a different result which means it's working. Now how do I make use of the result which shows as: object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(1) ["lengths"]=> NULL ["num_rows"]=> int(6) ["type"]=> int(0) }
@phptinkerer use mysqli_fetch_array to assign the result to an array
0

A general piece of advice: if you want to know what's going wrong, use mysqli_error():

$result = mysqli_query($con, '......');
if(!$result) {
    die(mysqli_error($con));
}

1 Comment

Thanks, but I'm not getting an error, just an unexpected result.
0

Check if the $con var is true because if the connection failed you will always get bool(false).

If it is OK, try to update the query with name LIKE '" . $_POST['inputbox'] . "';
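
The three query styles discussed in this thread, run side by side as an added example that is not part of any post above. It uses PDO, as the first comment suggests, with an in-memory SQLite database standing in for MySQL so it runs offline (this assumes the pdo_sqlite extension); the rows and inputs are constructed, and runBuilt and runBound are hypothetical helper names.

```php
<?php
// SQLite in memory stands in for MySQL so the example runs offline (assumption).
// table1/name follow the question; the rows and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE table1 (name TEXT)");
$pdo->exec("INSERT INTO table1 (name) VALUES ('alice'), ('bob'), ('O''Brien')");

// Run SQL that was assembled as a string; report the rows or the error.
function runBuilt(PDO $pdo, string $sql): string
{
    try {
        return json_encode($pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN));
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// Fixed SQL text; the input is bound as data and never parsed as SQL.
function runBound(PDO $pdo, string $input): string
{
    $stmt = $pdo->prepare('SELECT name FROM table1 WHERE name = :name');
    $stmt->execute([':name' => $input]);
    return json_encode($stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Each value stands in for $_POST['inputbox'].
$inputs = ['alice', "O'Brien", "x' OR '1'='1"];

foreach ($inputs as $in) {
    echo "input: $in\n";
    // The question's query: unquoted, so the value is parsed as an identifier.
    echo '  unquoted: ', runBuilt($pdo, "SELECT name FROM table1 WHERE name=$in"), "\n";
    // The first answer's fix: quoted, but a quote in the input still alters the SQL.
    echo '  quoted:   ', runBuilt($pdo, "SELECT name FROM table1 WHERE name='" . $in . "'"), "\n";
    // Parameterized: every input is compared as a plain string.
    echo '  bound:    ', runBound($pdo, $in), "\n";
}
```

With mysqli the bound form uses mysqli_prepare, mysqli_stmt_bind_param and mysqli_stmt_execute in place of the PDO calls. The apostrophe case shows that string-built queries break on ordinary data too, so the bound form is worth using even in a script that only runs locally.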
