Simple Search from Database Fails.. HELP HELP!!

Codes here !

Moderators: egami, macek, gesf

Post Reply
User avatar
macek
php-forum Active User
php-forum Active User
Posts: 277
Joined: Wed Aug 25, 2010 10:42 am
Contact:

Wed May 16, 2012 9:12 am

Code: Select all

$query = "SELECT * FROM songs WHERE category ='" . mysql_real_escape_string($criteria) . "'";
because, if you enter: " it's nice " that the final query is:

SELECT * FROM songs WHERE category = 'it's nice'

but better could be
WHERE category LIKE '" . mysql_real_escape_string($criteria) . "'

User avatar
macek
php-forum Active User
php-forum Active User
Posts: 277
Joined: Wed Aug 25, 2010 10:42 am
Contact:

Wed May 16, 2012 11:48 am

Code: Select all

<input type="submit" value="Search" name="someVeryNiceName />
...
if(isset($_POST['someVeryNiceName'])) {

}

Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 2 guests