TalkPHP - View Single Post - [SOS]a search for a database ,double click here

bluesaga · 01-06-2008, 09:46 PM

% is a wildcard, that should only be used for LIKE mysql searches...

PHP Code:


			
$db = mysql_select_db("test") ;
$sql = "select * from webt where name='%$_POST[search]%' ";
$res = mysql_query($sql) ;

Should probably be:

PHP Code:


			
$db = mysql_select_db("test") ;
$sql = "select * from webt where name LIKE '%$_POST[search]%' ";
$res = mysql_query($sql) ;

please note, your script is FAR from secure and you should look at some topics here regarding:
SQL injections protection

01-06-2008, 09:46 PM	#2 (permalink)
bluesaga Super Moderator Join Date: Sep 2007 Posts: 165 Thanks: 0	% is a wildcard, that should only be used for LIKE mysql searches... PHP Code: `$db = mysql_select_db("test") ; $sql = "select * from webt where name='%$_POST[search]%' "; $res = mysql_query($sql) ;` Should probably be: PHP Code: `$db = mysql_select_db("test") ; $sql = "select * from webt where name LIKE '%$_POST[search]%' "; $res = mysql_query($sql) ;` please note, your script is FAR from secure and you should look at some topics here regarding: SQL injections protection __________________ Halo 3 Cheats