0

I have a simple query in PHP but I can't get LIKE to work.

Here is the code:

$var = $_GET['q'];
$trimmed = trim($var);
$query = "SELECT * FROM vm_regiony WHERE nazev LIKE "%$trimmed%" order by id     LIMIT 10";
$result = mysql_query($query);
if(mysql_num_rows($result)==0){
  echo "nothing";
  echo "<br />";
  echo $trimmed;
}else{
  while($rene=mysql_fetch_array($result)){
    $jmeno = $rene['nazev'];
    echo '<a id="hled" onclick="javascript:vybrat()">'.$jmeno.'</a>';
  }
}
3
  • A little code formatting please. That hurts my eyes. Commented Dec 7, 2011 at 21:12
  • I was just about to fix it too lol, couldn't understand a word.. Commented Dec 7, 2011 at 21:14
  • Please note that you have written a script that is vulnerable to SQL Injection vulnerabilities because you have not sanitized any of the user-supplied variables in your SQL queries. Please use PHP Prepared Statements to prevent these vulnerabilities. Thanks. Commented Jan 21, 2012 at 1:41

2 Answers

5

For one, you need to use single quotes there:

$query = "SELECT * FROM vm_regiony WHERE nazev LIKE '%$trimmed%' order by id LIMIT 10";

4 Comments

Yeah, thank you very much man, really quick answer, THANKS!
Or escape the double quotes - but single quotes is simpler :-)
No problem - to ensure fast response in the future you should check this answer as accepted.
Yeah, I was waiting, because there were 10 minutes remaining, and I forgot about it :D sorry
0
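// Close the string literal before concatenating $trimmed; dots left inside
// the quotes would be sent to MySQL as part of the SQL text.
$query = "SELECT * FROM vm_regiony
          WHERE nazev LIKE '%" . $trimmed . "%'
          ORDER BY id LIMIT 10";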
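
The prepared-statement approach recommended in the comment on the question, as an added example that is not part of the original posts: the search term is bound as a parameter instead of being interpolated into the SQL, and LIKE wildcards in it are escaped so they match literally. It assumes PDO, with an in-memory SQLite database and constructed rows standing in for the MySQL table; `like_contains` and `search_regions` are hypothetical helper names.

```php
<?php
// Constructed setup: in-memory SQLite stands in for the MySQL database
// so the script runs offline. The rows are sample data, not from the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vm_regiony (id INTEGER PRIMARY KEY, nazev TEXT)');
$pdo->exec("INSERT INTO vm_regiony (nazev)
            VALUES ('Praha'), ('Brno'), ('100% test'), ('O''Hara')");

// Hypothetical helper: escape the LIKE wildcards (% and _) and the escape
// character itself, then wrap the term for a "contains" match.
function like_contains(string $term, string $esc = '!'): string
{
    // The escape character is replaced first so the ones added for % and _
    // are not doubled afterwards.
    $escaped = str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
    return '%' . $escaped . '%';
}

// Hypothetical helper: the query from the question with a bound parameter.
function search_regions(PDO $pdo, string $q): array
{
    $stmt = $pdo->prepare(
        "SELECT nazev FROM vm_regiony
         WHERE nazev LIKE :pattern ESCAPE '!'
         ORDER BY id LIMIT 10"
    );
    // The value travels separately from the SQL text, so quotes in it
    // cannot change the structure of the query.
    $stmt->execute([':pattern' => like_contains(trim($q))]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal term, a bare wildcard, a quote-based
// injection string, and a legitimate name containing a quote.
foreach (['ra', '%', "' OR '1'='1", "O'H"] as $q) {
    $rows = search_regions($pdo, $q);
    // Encode on output as well: values are echoed into HTML in the question.
    echo htmlspecialchars($q, ENT_QUOTES, 'UTF-8'), ' => ';
    echo $rows
        ? htmlspecialchars(implode(', ', $rows), ENT_QUOTES, 'UTF-8')
        : 'nothing';
    echo "\n";
}
```

Against MySQL the same statement works with a `mysql:` PDO DSN; the `mysql_*` functions used in the question were removed in PHP 7.0.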
