Author |
Topic |
rvdb86
Starting Member
2 Posts |
Posted - 2008-12-01 : 06:22:06
|
Hi, hope someone can help me! Let me quickly describe what I am trying to do. I have a stock system and I want to have a simple search where the user submits the product name, then the script finds the product name in the tbl_products and returns the results. I have the following SELECT query:

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
    $search_product = $_POST['search_product'];
    // now we search the products table
    $query = "SELECT * FROM tbl_products WHERE product_name = $search_product";
    $result = mysql_query($query) or die ("Search Query Fault");

For some reason this doesn't work. Any suggestions? |
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-12-01 : 06:40:54
|
It seems that you're using MySQL. This is an MS SQL Server forum. You may try your luck in MySQL forums like www.dbforums.com |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-12-01 : 06:42:20
|
I think you could try like below (not sure if this works):

$query = "SELECT * FROM tbl_products WHERE product_name = " . $search_product;

instead of your current line |
|
|
shaunc
Starting Member
28 Posts |
Posted - 2008-12-02 : 16:18:52
|
You need to surround the value of product_name with single quotes:

$query = "SELECT * FROM tbl_products WHERE product_name = '$search_product'";

Also, please seriously consider using the mysqli_* functions instead, in particular, mysqli_prepare(). Your application is vulnerable to SQL injection. For example, consider what would happen if someone posted the form with this in the search_product field:

';drop table tbl_products;-- |
|
|
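One way to apply the mysqli_prepare() advice above to the search from the first post, as an added example that is not part of the original thread. The connection details (localhost, stock_user, change-me, stock_db) and the find_products() helper are assumptions; only tbl_products, product_name and the form field names come from the thread.

```php
<?php
// Added example: the thread's product search using a prepared statement.
// Host, user, password and database name are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Return all rows of tbl_products whose product_name equals $name.
 * The value is sent as a bound parameter, never spliced into the SQL text,
 * so quotes, semicolons and comment markers in it are compared literally.
 */
function find_products(mysqli $db, string $name): array
{
    $stmt = mysqli_prepare($db, 'SELECT * FROM tbl_products WHERE product_name = ?');
    mysqli_stmt_bind_param($stmt, 's', $name);   // 's' = bind as string
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);     // needs the mysqlnd driver
    $rows = mysqli_fetch_all($result, MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);
    return $rows;
}

// This code runs if the form has been submitted
if (isset($_POST['submit'])) {
    $search_product = $_POST['search_product'] ?? '';
    // PHP turns search_product[]=x into an array, so check the type first.
    if (!is_string($search_product) || $search_product === '') {
        http_response_code(400);
        exit('Missing product name');
    }
    try {
        $db = mysqli_connect('localhost', 'stock_user', 'change-me', 'stock_db');
        mysqli_set_charset($db, 'utf8mb4');
        $rows = find_products($db, $search_product);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());             // details go to the log only
        http_response_code(500);
        exit('Search Query Fault');
    }
    foreach ($rows as $row) {
        // Encode on output so stored product names cannot inject markup.
        echo htmlspecialchars($row['product_name'], ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

With this version, the string from the post above is simply looked up as a product name and matches no rows.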
rvdb86
Starting Member
2 Posts |
Posted - 2008-12-06 : 15:06:23
|
Sorry I posted in the wrong forum but thanks for everyone's help, I have managed to make it work! |