[SOLVED] Help with Select * FROM clients WHERE '$Variable' LIKE '$search'

[matt82]

In this select Query it will search exactly how i want it to if i put the column in as ClientID or ClientName but when i try and put '$SearchCat in instead so that the user can select what column they want to seach by then no results are returned.

 

 

$Searchtxt = $_POST['searchtext'];

$SearchCat = $_POST['searchby'];

 

 

print' <FORM name="form1" METHOD=post>

Search:<br>

<input type="text" name="searchtext" value=""><br>

 

search by:<br>

<SELECT NAME="searchby">

    <OPTION VALUE= ClientID SELECTED>ClientID

    <OPTION VALUE= ClientName>ClientName

    </SELECT><br><br>

<INPUT TYPE=SUBMIT NAME="SUBMIT2" VALUE="SUBMIT"/>

</form>';

 

if (isset($_POST['SUBMIT2'])) {

 

$search2 = "%".$Searchtxt."%";

 

 

 

$query2 = "SELECT * FROM clients WHERE '$SearchCat' LIKE '$search2'";

$queryy2 = mysql_query($query2);

$displ2 = mysql_fetch_array($queryy2);

 

 

If anyone can help me that would be fantastic thanks a million

Oh and as the select box will eventually be pulling its options from a table the column really does have to be a variable if posible.

Anyway thanks in advance Matt

[toplay]

You need to have a column name and not enclosed is single quotes where you have '$SearchCat'.

 

So, remove the single quotes or use backtick marks like so:

 

$query2 = "SELECT * FROM clients WHERE `$SearchCat` LIKE '$search2'";

 

You already have the percent signs in $search2 so you should be good to go.

 

 

FYI: Look into the use of mysql_real_escape_string():

 

http://us3.php.net/manual/en/function.mysql-real-escape-string.php

[matt82]

Thanks a million mate did the job perfectly

and it was so simlple