How can i use variable in Mysql Query

StackOverflow https://stackoverflow.com/questions/23595966

  •  20-07-2023
  •  | 
  •  

Question

I have this query : 

 $result = mysql_query("select * FROM  `agents_infos` 
 WHERE ( agent_name LIKE  '%$name%' )");

the $name is : 

 $name =$_POST['name'];

I want to get in the result, all the element that contains the name , but I get nothing. Can you help me please?

Was it helpful?

Solution

in order to receive a list of all element that contains the name, you can write: 

$name = $_POST['name'];  
$result = mysql_query("SELECT * FROM  `agents_infos` WHERE ( agent_name LIKE  '%".$name."%' )");

to avoid code injection i advice to use 

$name = mysql_real_escape_string( $_POST['name'] );

instead of

$name = $_POST['name'];

OTHER TIPS

Firstly, you need to sanitize your input: What's the best method for sanitizing user input with PHP? then you need to use mysqli instead of mysql : http://php.net/manual/en/migration55.deprecated.php

then you can do this:

$name = mysqli_real_escape_string($_POST['name']);

$query =  "select * FROM  `agents_infos` WHERE ( agent_name LIKE  '%".$name."%' )";
$result = mysqli_query($query);
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top