Jump to content

[SOLVED] Database returning all variables if when it cant fine WHERE


krio

Recommended Posts

I have a mysql database.

 

It locates the data in the table correctly if the table matches, but if I search without inputting data it returns the entire table for some reason.. why is it returning the entire table?

 

function searchDatabase($search) {


	$serialsearcher = substr ( $search, - 4 );

	$querysearch = ("SELECT * FROM parts WHERE serialnumber LIKE '%$serialsearcher' OR name LIKE '%$search%'");
	$resultsearch = @mysql_query ( $querysearch );


	while ( $search = $this->fetch_array ( $resultsearch )) {


		echo "<tr>";

		echo "<td><a href='#' title='Lorem Ipsum'>" . $search ['serialnumber'] . "</a></td>";
		echo "<td><a href='#' title='Lorem Ipsum'>" . $search ['name'] . "</a></td>";
		echo "<td><a href='#' title='Lorem Ipsum'>" . $search ['part'] . "</a></td>";
		echo "<td class='last'><a href='content_partdatabase.php?delete=" . $search ['serialnumber'] . "'>Delete</a></td>";

		echo "</tr>";




	} 




	}

You posted a function, that does nothing at all alone unless you call that function which is not present in the code you posted. So where are you calling this function? And that function does not even return anything.

Well the function does echo's data!

 

the reason your getting all the records is because if $serialsearcher is empty then you are querying the following:~

serialnumber LIKE '%'

which means any!

 

add $serialsearcher to the function parameters and try something like this (rough draft)

$q  ="";
if(!empty($serialsearcher)) $q .= "serialnumber LIKE '%$serialsearcher'";
if(!empty($search))
{
    if(!empty($q)) $q .= " OR ";
    $q .= "name LIKE '%$search%'";
}
$querysearch = ("SELECT * FROM parts WHERE $q ");

if you searched WHERE usernames LIKE '%madtechie%' OR subjects LIKE '%'

it finds every subject as  subjects LIKE '%' means any subject so the username part is kinda pointless

 

I'll also like to point out you shouldn't have the @ on the query as it omit errors (which during development you want to see)

 

if you update to

$resultsearch = mysql_query ( $querysearch ) or die($querysearch.mysql_error());

your get a better error report for debugging

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.