0
Php and mysql, what condition should I use
If(isset($_POST['searchBarangay'])){ $barangayKeyword = $_['searchBarangay']; $sql = "SELECT *FROM barangay WHERE barangayName LIKE '%barangayKeyWord%' AND barangayDistrict = '1' "; My question is, how to make this appear: Echo "None match search result";
5 Respuestas
+ 2
Jonathan P. Jundarino
You can check results count. It would be 0 if no matches found in Database.
$barangayKeyWord = $_POST['searchBarangay'];
$sql1 = "SELECT * FROM barangays WHERE barangayName LIKE '%$barangayKeyWord%' AND barangayDistrict= '1'";
$sql2 = "SELECT * FROM barangays WHERE barangayName LIKE '%$barangayKeyWord%' AND barangayDistrict= '2'";
$result1= $conn->query($sql1);
$result2= $conn->query($sql2);
if (result1_count == 0 && result2_count == 0) {
//no results
}
if (result1_count > 0 ) {
//display data
}
if (result2_count > 0 ) {
//display data
}
+ 2
A͢J - S͟o͟l͟o͟H͟e͟l͟p͟e͟r͟ The logic is nice🙂
+ 1
A͢J - S͟o͟l͟o͟H͟e͟l͟p͟e͟r͟ okay I will try thanks
+ 1
Please be aware that you should NEVER EVER (!) put input parameters directly into SQL statements without any escaping or usage of prepared statements as this is highly insecure!
Imagine how the query would be like if $barangayKeyword were „%‘ OR 1=1;DROP DATABASE;##“. (Not tested)
You can search for „OWASP Top Ten“, „SQL injection“ etc to find out more about this type of security vulnerability.
0
KatharinaSt thanks I will pay attention to what you say, it's very true, even I'm just practicing for now, I should practicing right way thanks.