0

PHP and MySQL, what condition should I use

if (isset($_POST['searchBarangay'])) {
    $barangayKeyword = $_POST['searchBarangay'];
    $sql = "SELECT * FROM barangay WHERE barangayName LIKE '%$barangayKeyword%' AND barangayDistrict = '1' ";

My question is, how to make this appear:

echo "None match search result";

30th Aug 2021, 5:32 AM
Jonathan P. Jundarino
5 answers
+ 2
Jonathan P. Jundarino You can check the result count. It would be 0 if no matches are found in the database.

$barangayKeyWord = $_POST['searchBarangay'];
$sql1 = "SELECT * FROM barangays WHERE barangayName LIKE '%$barangayKeyWord%' AND barangayDistrict= '1'";
$sql2 = "SELECT * FROM barangays WHERE barangayName LIKE '%$barangayKeyWord%' AND barangayDistrict= '2'";
$result1 = $conn->query($sql1);
$result2 = $conn->query($sql2);
// Assuming $conn is a mysqli connection, num_rows holds the result count.
if ($result1->num_rows == 0 && $result2->num_rows == 0) {
    // no results
}
if ($result1->num_rows > 0) {
    // display data
}
if ($result2->num_rows > 0) {
    // display data
}
30th Aug 2021, 7:01 AM
A͢J
+ 2
30th Aug 2021, 7:24 AM
Jonathan P. Jundarino
+ 1
30th Aug 2021, 7:23 AM
Jonathan P. Jundarino
+ 1
Please be aware that you should NEVER EVER (!) put input parameters directly into SQL statements without any escaping or usage of prepared statements, as this is highly insecure! Imagine what the query would be like if $barangayKeyword were "%‘ OR 1=1;DROP DATABASE;##". (Not tested) You can search for "OWASP Top Ten", "SQL injection", etc. to find out more about this type of security vulnerability.
6th Sep 2021, 9:07 PM
KatharinaSt
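The prepared-statement approach recommended above, combined with the empty-result check the question asks for, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database and constructed sample rows so it runs offline; the helper names searchBarangay and renderResults are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database and
// constructed sample rows; for MySQL only the DSN passed to PDO changes.
declare(strict_types=1);

// Hypothetical helper: returns the matching names for one district.
function searchBarangay(PDO $pdo, string $keyword, string $district): array
{
    // Escape LIKE wildcards in the user's text so "%" and "_" match literally.
    // "!" is the escape character chosen here and declared in the query.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword);

    // The input travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare(
        "SELECT barangayName FROM barangay
         WHERE barangayName LIKE ? ESCAPE '!' AND barangayDistrict = ?"
    );
    $stmt->execute(['%' . $escaped . '%', $district]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: the "no match" condition is an empty result array.
function renderResults(array $names): string
{
    if (count($names) === 0) {
        return "None match search result";
    }
    // Encode on output so stored names cannot inject markup into the page.
    return implode("\n", array_map('htmlspecialchars', $names));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE barangay (barangayName TEXT, barangayDistrict TEXT)");
// Constructed sample rows.
$pdo->exec("INSERT INTO barangay VALUES
    ('San Isidro', '1'), ('San Roque', '1'), ('Santa Cruz', '2')");

// Constructed stand-ins for $_POST['searchBarangay']: a match in district 1,
// a name that exists only in district 2, and text containing SQL syntax,
// which the bound parameter treats as an ordinary search string.
foreach (['San', 'Cruz', "%' OR 1=1"] as $input) {
    echo "[$input]\n", renderResults(searchBarangay($pdo, $input, '1')), "\n\n";
}
```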
0
KatharinaSt thanks, I will pay attention to what you say, it's very true. Even though I'm just practicing for now, I should practice the right way. Thanks.
7th Sep 2021, 12:27 AM
Jonathan P. Jundarino