How can i use variable in Mysql Query

Question

I have this query :

 $result = mysql_query("select * FROM  `agents_infos` 
 WHERE ( agent_name LIKE  '%$name%' )");

the $name is :

 $name =$_POST['name'];

I want to get in the result, all the element that contains the name , but I get nothing. Can you help me please?

Answer 1

in order to receive a list of all element that contains the name, you can write:

$name = $_POST['name'];  
$result = mysql_query("SELECT * FROM  `agents_infos` WHERE ( agent_name LIKE  '%".$name."%' )");

to avoid code injection i advice to use

$name = mysql_real_escape_string( $_POST['name'] );

instead of

$name = $_POST['name'];

Answer 2

Firstly, you need to sanitize your input: What's the best method for sanitizing user input with PHP? then you need to use mysqli instead of mysql : http://php.net/manual/en/migration55.deprecated.php

then you can do this:

$name = mysqli_real_escape_string($_POST['name']);

$query =  "select * FROM  `agents_infos` WHERE ( agent_name LIKE  '%".$name."%' )";
$result = mysqli_query($query);