MySQL search engine

Navigation
0

I'm trying to implement a word search in a mysql table

I have a number search engine that, although very simple, works perfectly: 

<?php if ($row['albaran'] == $_POST['buscar']): ?>

<?php endif; ?>

This shows the record if the delivery note is exactly the same as the number that I enter in the search form.

But I would like you to look for a coincidence, that is not exact. For example: Search "Pedro" in a record that is "Pedro Romero Tomas"

I've tried something like this 

$buscarcliente = $_POST['buscarcliente'];

sql = 'SELECT * FROM avisos WHERE cliente LIKE "%$buscarcliente%"';
    
asked by Tefef 19.03.2018 в 11:27
source

1 answer

1

When you use LIKE , the wildcard % is the one to match any string of zero or more characters, as indicated by the documentation .

The problem with your code lies in the way you're using double quotes " and single quotes ' . The use of LIKE requires that the data to be searched and the wildcard be surrounded by single quotes ' , therefore, in this case it is convenient that the declaration of your variable be surrounded by double quotes. 

$sql="SELECT * FROM avisos WHERE cliente LIKE '%$buscarcliente%'";

Security problem in your code

I want to indicate that there is something much more serious in your code: it is vulnerable to the SQL injection . Through it a malicious user could destroy your data , or could even take control of your system. It is important that you shield your code using prepared queries.

    
answered by 19.03.2018 / 17:36
source
Syntax error when trying to insert data into MYSQL with php export result of a nodedels middelware to a static js file