#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    1
    Rep Power
    0

    Match text in table using php


    Hi,
    I have created a mysql table and using table values i have created
    drop down menu.if we select a value in drop down list,that row in table has to be fetched and displayed in webpage.

    $result= mysql_query("SELECT * FROM $table WHERE COUNTRY RLIKE '$cit' OR ADDRESS LIKE '%$cit%' or ADDRESS LIKE '%_$cit' or ADDRESS LIKE '%$cit%' or AUTHORS RLIKE '$cit' or JOURNAL LIKE '$cit' OR PDBID RLIKE '$cit'" ) OR DIE;

    this is the script i have used.the results of ADDRESS is not displayed.

    please help me to solve this.

    thanks and regards,
    Manonathan.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,230
    Rep Power
    593
    1. Please enclose your code in [ PHP ] tags. See the sticky at the top of this forum that says READ THIS BEFORE POSTING.
    2. What you have posted is not a script, it is a single statement showing your query. Based on what you have posted, the reason the results of ADDRESS is not displayed is because you don't output anything. If you are questioning the validity of the query itself then you are in the wrong forum and need to post in the MySQL forum.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2013
    Posts
    58
    Rep Power
    1
    A few things here:
    1. You may not be showing the entire script here, but I don't see any kind of validation. Generally speaking, information will come from only the choices in your form, but you shouldn't assume that that's the case. You should always assume the worst-case scenario (that someone is using the names in your form and then calling this script from a different form using invalid values for SQL injection or some other kind of attack.
    2. If it's a drop-down menu, seems a bit odd to have to do all those LIKE and RLIKE parts of the query. Really, you should be selecting only one value based on one criteria, which is what's selected in the drop-down.
    3. Please use MySQLi or PDO instead of MySQL statements for queries.
    4. For MySQL queries, it's a good idea to select individual fields to return instead of using * to return everything.
    5. You should consider using prepared statements instead of just querying straight on input from the user. Again, you don't know what is in the drop-down value the user is feeding you.
    If what I've described sounds like a bunch of gobbledygook, I think you should take this a bit more one step at a time.

    For example, you may want to start with just familiarizing yourself with MySQL queries before combining MySQL with PHP. Then, you may want to read some tutorials on prepared statements and mysqli.

IMN logo majestic logo threadwatch logo seochat tools logo