Jump to content

[SOLVED] Database returning all variables if when it cant fine WHERE

krio

By krio
in PHP Coding Help

 Share

Recommended Posts

krio Newbie

krio

Posted
Posted

I have a mysql database.

 

It locates the data in the table correctly if the table matches, but if I search without inputting data it returns the entire table for some reason.. why is it returning the entire table?

 

function searchDatabase($search) {


	$serialsearcher = substr ( $search, - 4 );

	$querysearch = ("SELECT * FROM parts WHERE serialnumber LIKE '%$serialsearcher' OR name LIKE '%$search%'");
	$resultsearch = @mysql_query ( $querysearch );


	while ( $search = $this->fetch_array ( $resultsearch )) {


		echo "<tr>";

		echo "<td><a href='#' title='Lorem Ipsum'>" . $search ['serialnumber'] . "</a></td>";
		echo "<td><a href='#' title='Lorem Ipsum'>" . $search ['name'] . "</a></td>";
		echo "<td><a href='#' title='Lorem Ipsum'>" . $search ['part'] . "</a></td>";
		echo "<td class='last'><a href='content_partdatabase.php?delete=" . $search ['serialnumber'] . "'>Delete</a></td>";

		echo "</tr>";




	} 




	}

TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

You posted a function, that does nothing at all alone unless you call that function which is not present in the code you posted. So where are you calling this function? And that function does not even return anything.

MadTechie Regular Member

MadTechie

Posted
Posted

Well the function does echo's data!

 

the reason your getting all the records is because if $serialsearcher is empty then you are querying the following:~

serialnumber LIKE '%'

which means any!

 

add $serialsearcher to the function parameters and try something like this (rough draft)

$q  ="";
if(!empty($serialsearcher)) $q .= "serialnumber LIKE '%$serialsearcher'";
if(!empty($search))
{
    if(!empty($q)) $q .= " OR ";
    $q .= "name LIKE '%$search%'";
}
$querysearch = ("SELECT * FROM parts WHERE $q ");

MadTechie Regular Member

MadTechie

Posted
Posted

if you searched WHERE usernames LIKE '%madtechie%' OR subjects LIKE '%'

it finds every subject as  subjects LIKE '%' means any subject so the username part is kinda pointless

 

I'll also like to point out you shouldn't have the @ on the query as it omit errors (which during development you want to see)

 

if you update to 

$resultsearch = mysql_query ( $querysearch ) or die($querysearch.mysql_error());

your get a better error report for debugging

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.