CODEWITHSUNDEEP
phpandroidmysql
Skindeep2366
Skindeep2366

Reputation: 1559

PHP mysql_query returing 0 results even though it should be 450

PHP script running server side to handle queries from Java application. The table has 450 results that should be returned but for some reason its going to the no businesses found statement..

For testing im sending the information on the HTTPGet from the android app with the following vals

varQuery2 is a String and = state varQuery1 is a String and = MS 

<?php

$result = mysql_query("SELECT * FROM businessdata WHERE '" 
. mysql_real_escape_string($_REQUEST['varQuery2'])."' =  '" 
. mysql_real_escape_string($_REQUEST['varQuery1'])."'") or die(mysql_error());

// check for empty result
if (mysql_num_rows($result) > 0) {
// looping through all results
// businesses node
$response["businesses"] = array();

while ($row = mysql_fetch_array($result)) {
    // temp user array
$business = array();
$business["bid"] = $row["idbusinessData"];
$business["name"] = $row["name"];
$business["owner"] = $row["owner"];
$business["phone_main"] = $row["phone_main"];



array_push($response["businesses"], $business);
}
// success
$response["success"] = 1;

// echoing JSON response
echo json_encode($response);
} else {
// no businesses found
$response["success"] = 0;
$response["message"] = "No businesses found";

// echo no users JSON
echo json_encode($response);
}
?>

Why is this failing and any ideas how to fix it? Also please note that the entire script worked with static state = 'MS' in the select... Even when I call it from a browser window with:

http://address/scriptName.php?varQuery2=state+varQuery1=MS

I still get the same No Business Found response..

As per comments the below is the table that is being used here..

CREATE  TABLE `test`.`businessData` (
`idbusinessData` INT NOT NULL AUTO_INCREMENT ,
`name` CHAR(255) NULL ,
`owner` CHAR(255) NULL ,
`phone_main` CHAR(10) NULL ,
PRIMARY KEY (`idbusinessData`) );

Just a little update to see if I am on the right track:

switch ($_GET){
case "state":
$result = mysql_query("SELECT * FROM businessdata WHERE state =  '" . mysql_real_escape_string($_REQUEST['varQuery1'])."'") or die(mysql_error());

case "zip";
// zipcode results
case "nothing";
// default results
}

Upvotes: 0

Views: 93

Answers (1)

nneonneo
nneonneo

Reputation: 179532

You are trying to select every business for which "state" = "MS", which will of course be false every time (you compare the two strings against each other).

You should avoid having column names as part of your GET request. Instead, consider using a specific GET field for each column which you'd want to query (e.g. search.php?state=MS), then building the query based on the supplied parameters.

Upvotes: 3

Related Questions