
I'm trying to implement a hashtag system into my website. I have it set so user input that has a hashtag gets converted into a link to hashtag.php?q=%23$1 that echoes "Results for '.$_GET["q"].':"; which works fine, but it doesn't actually display any posts. For example, I have a post saying "This #website sucks" which is echoed out as

This <a href="hashtag.php?q=%23website">#website</a> sucks

But the following page only displays

Results for #website:

and the rest is blank. Here's my code for hashtag.php:

echo 'Results for '.$_GET["q"].':';

$connect = mysql_connect("localhost","root","");
mysql_select_db("database",$connect);
$mysql = "SELECT * FROM table WHERE input LIKE '".$_GET['q']."' ";
$myData = mysql_query($mysql, $connect);
while ($record = mysql_fetch_array($myData)){
    echo $record['input'];
}

I'm working on using mysqli before I make the site public by the way.

  • I recommend to immediately stop using your code. It is completely open to SQL injection. What if I pass '; DROP TABLE table' for $_GET[q] ? Commented Oct 3, 2013 at 14:23
  • Are you sure that your query is returning results? Commented Oct 3, 2013 at 14:24
  • @FreshPrinceOfSO : +1 for effort, but your code will not do anything, as you can't run multiple commands :P Commented Oct 3, 2013 at 14:25
  • @FreshPrinceOfSO it wouldn't work because ext/mysql does not allow multiple queries to be executed with one function simultaneously. However, he should use properly parameterized queries to prevent injection. Commented Oct 3, 2013 at 14:25
  • @ExplosionPills It is for dramatic effect. :) Commented Oct 3, 2013 at 14:27

1 Answer

Try putting % percentage signs on either side of the $_GET["p"] in your query. Don't forget to escape the $_GET["q"] as well. That'd be more important than using mysqli ;)

$mysql = "SELECT * FROM table WHERE input LIKE '%".mysql_real_escape_string($_GET['q'])."%' ";
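
The lookup from the question and answer above with the search term bound as a parameter, as an added example that is not part of the original posts. It assumes PDO with the SQLite driver and an in-memory database so it runs offline, a hypothetical posts table holding the question's input column, and constructed sample rows and inputs; the same prepared statement applies to a MySQL PDO connection.

```php
<?php
// Added example: hashtag search with a bound parameter instead of string concatenation.
// Assumptions: PDO with the SQLite driver, an in-memory database, a `posts` table
// (hypothetical name) with the `input` column from the question, constructed rows.

function likeEscape(string $term, string $esc = '!'): string
{
    // Make %, _ and the escape character itself literal inside a LIKE pattern.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

function findPostsByTag(PDO $db, string $tag): array
{
    // The pattern is data bound to a placeholder; it never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT input FROM posts WHERE input LIKE :pattern ESCAPE '!'");
    $stmt->execute([':pattern' => '%' . likeEscape($tag) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (input TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO posts (input) VALUES (?)');
foreach (['This #website sucks', 'Nothing tagged here', '100% #done'] as $row) {
    $insert->execute([$row]); // constructed sample rows
}

// Constructed inputs: a normal tag, a quote-breaking string, and bare LIKE wildcards.
$inputs = ['#website', "' OR '1'='1", '%', '_'];
foreach ($inputs as $q) {
    $matches = findPostsByTag($db, $q);
    // Encode on output so markup in the query string or a post is shown as text.
    echo 'Results for ' . htmlspecialchars($q, ENT_QUOTES, 'UTF-8') . ': ';
    echo count($matches) . " match(es)\n";
    foreach ($matches as $post) {
        echo '  ' . htmlspecialchars($post, ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```

Binding the value removes the need for mysql_real_escape_string, and the ESCAPE clause covers % and _, which string escaping leaves active as wildcards.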