CODEWITHSUNDEEP
phpmysql
Mohd Ariffin
Mohd Ariffin

Reputation: 13

USE LIKE with php variable

I have a problem using LIKE with PHP variables. I would like to select, based on a username, what matches the username in the DB. Here is my code:

$dbhost = "localhost";
$dbuser = "root";
$dbpass = "1234";
$dbname = "coffeecorner";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

$user = $_SESSION['username'];  

$sql  = "select username ";
$sql .= "from add_reservation";
$sql .= "where username like" . $user;
$result = mysqli_query($connection, $sql);

if(!$result)
{
   die("database query fail!" . mysqli_error($connection));
}

enter image description here

Error

database query fail! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'likeipin' at line 1

Any help would be appreciated!

Upvotes: 0

Views: 1154

Answers (3)

Mohd Ariffin
Mohd Ariffin

Reputation: 13

after a few hours thinking and trying i have found the solution. this a the new code. We need to input a braces () on it;

if(session_id()=='' || isset($_SESSION['username'])){

$dbhost = "localhost";
$dbuser = "root";
$dbpass = "1234";
$dbname = "coffeecorner";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

$user = $_SESSION['username'];  

$sql  = "(SELECT * FROM add_reservation WHERE username like '$user')";
$result = mysqli_query($connection, $sql);

if(!$result)
{
   die("database query fail!" . mysqli_error($connection) . mysqli_errno($connection));
}

Hope it helped !

Upvotes: 0

Barmar
Barmar

Reputation: 780994

You need quotes around the username. Also, if you're using LIKE to match a pattern, you should have wildcards in it.

$sql .= "where username likem '%$user%'";

But it's better to use a parametrized query.

$sql = 'SELECT username
        FROM add_reservation
        WHERE username like ?';
$user_pattern = "%$user%";
$stmt = mysqli_prepare($connection, $sql);
mysqli_stmt_bind_param($stmt, "s", $user_pattern);
$result = mysqli_stmt_execute($stmt);
if (!$result) {
    die("database query fail!" . mysqli_error($connection));
}

Upvotes: 1

kourouma_coder
kourouma_coder

Reputation: 1098

You neeed to add a little a space after like :

$dbhost = "localhost";
$dbuser = "root";
$dbpass = "1234";
$dbname = "coffeecorner";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

$user = $_SESSION['username'];  

$sql  = "select username ";
$sql .= "from add_reservation";
$sql .= "where username like " . $user;
$result = mysqli_query($connection, $sql);

if(!$result)
{
  die("database query fail!" . mysqli_error($connection));
}

check the error message : database query fail!You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'likeipin' at line 1

the word like is stuck with the username forming a single string likeipin ; it should be like ipin meaning $sql .= "where username like " . $user;

Be carefull on session, session_start should be used before accessing session variable.

You can use this query string : $sql = "SELECT username FROM add_reservation WHERE username LIKE '%". mysql_real_escape_string($user) ."%'" or this one :
$sql = "SELECT username FROM add_reservation WHERE username LIKE '%".$user."%'"
Hope it help.

Upvotes: 0

Related Questions