1

So I am new to PHP and I am trying to check if a MySQL table contains a variable which is set when a user does a search. If the table contains the variable (it's a string) then I want to be able to do different things depending on its existence.

I should also note that I am a novice with PHP development!

This is what I have so far:

$db = new mysqli('IP', 'username', 'password', 'database');

$result = $db->query("SELECT * FROM tablename WHERE ColumnName =     $searchVar");

if(empty($result)){
    //No result Found
}else{
    //Found result
}
4
  • SQL strings, like PHP strings, need to be in quotes. Aside from that issue I don't know what your question or issue is. Oh, and you need to fetch the results: php.net/manual/en/mysqli-result.fetch-assoc.php Commented Jul 3, 2015 at 0:37
  • Did you log on to MySQL? Have you got errors enabled? Commented Jul 3, 2015 at 0:50
  • Do you want the record(s)? Where does $searchVar come from, user input? Commented Jul 3, 2015 at 0:50
  • @RohitGupta Yes, I can connect to the DB and there are no errors. Error reporting is enabled currently too :) @chris85 I don't want to export the records, no. I would like to just check to see if they are in fact there. The $searchVar comes from a user's input, yes. Commented Jul 3, 2015 at 0:53

2 Answers

1

You need to place single quotes around $searchVar in the query.

$result = $db->query("SELECT * FROM tablename WHERE ColumnName = '$searchVar'");

Then, you must fetch the results of the query.

$result = $result->fetch_row();

7 Comments

He/she hasn't posed a question yet, how can you have an answer?
So if I do that, should the rest of my code work? I will try that now buddy!
OP stated that they would like to query the DB to see if a record exists. The changes I suggested should allow them to do so.
Where did OP state that? "So I have been trying to check if a mysql table contains a variable (something which is entered in a search)". If OP is looking for a record, his/her code won't get that.
@md_5 - Just keep in mind that someone who knows SQL can DELETE your whole table if you use this code. :) Please read about sanitizing user input and SQL injection.
1

Okay, so your current query failed because your SQL string wasn't in quotes. It also could have failed once put into quotes if your PHP string had a single quote in it. This is how SQL injections occur; user input should never be passed directly into a SQL query. To separate these tasks there are prepared/parameterized queries.

Here's code I think should work for you but this is untested, based off manuals.

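$db = new mysqli('IP', 'username', 'password', 'database');
// The ? placeholder keeps the user's input out of the SQL text.
$stmt = $db->prepare('SELECT * FROM tablename WHERE ColumnName = ?');
$stmt->bind_param('s', $searchVar); // 's' binds $searchVar as a string
$stmt->execute();
$stmt->store_result(); // buffer the result set; without this num_rows stays 0
if($stmt->num_rows > 0) {
    echo 'there are results';
} else {
    echo 'there are no results';
}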

Link to thread on preventing injections: How can I prevent SQL injection in PHP?
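
The single-quote failure described in this answer, shown next to the parameterized form, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through PDO as a stand-in for the MySQL server so the script runs without a connection (the thread itself uses mysqli); the function names and sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL server.
// Table name and column name follow the question; the rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tablename (ColumnName TEXT)');
$db->exec("INSERT INTO tablename VALUES ('Smith'), ('O''Brien')");

// Quoted-string version from the first answer: the value becomes part of the SQL text.
// Returns true/false for found/not found, or null when the statement no longer parses.
function existsInterpolated(PDO $db, string $searchVar): ?bool
{
    try {
        $result = $db->query("SELECT 1 FROM tablename WHERE ColumnName = '$searchVar' LIMIT 1");
        return $result->fetchColumn() !== false;
    } catch (PDOException $e) {
        return null; // the input changed the statement's syntax
    }
}

// Parameterized version: the value is bound as data and never parsed as SQL.
// SELECT 1 ... LIMIT 1 is enough for an existence check; no rows need to be exported.
function existsPrepared(PDO $db, string $searchVar): bool
{
    $stmt = $db->prepare('SELECT 1 FROM tablename WHERE ColumnName = ? LIMIT 1');
    $stmt->execute([$searchVar]);
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: a plain match, a value containing a single quote, and a miss.
foreach (['Smith', "O'Brien", 'Nobody'] as $searchVar) {
    printf("%-8s interpolated=%-5s prepared=%s\n",
        $searchVar,
        var_export(existsInterpolated($db, $searchVar), true),
        var_export(existsPrepared($db, $searchVar), true));
}
```

For the value containing a quote, the interpolated query stops being valid SQL while the prepared statement still finds the stored row.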
