Home/ Questions/Q 7779185
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T18:35:13+00:00

I used php code from tutorial and it worked fine. But when I am

  • 0

I used php code from tutorial and it worked fine. But when I am rewriting it to me it gives me null. This code gives me what I want I mean it gives data in JSON format:

$q=mysql_query("SELECT * FROM people WHERE birthyear>'".$_REQUEST['year']."'");
while($e=mysql_fetch_assoc($q))
    $output[]=$e;
print(json_encode($output));

But this code even it looks identically doesn’t work it gives null:

$q=mysql_query("SELECT username, firstname, lastname, email, phone1, skype, city, description 
FROM mdl_user WHERE username LIKE'".$_REQUEST['usern']."'");
while($e=mysql_fetch_assoc($q))
    $output[]=$e;
print(json_encode($output));

If I don’t use $_REQUEST[‘usern’] and am getting data in JSON. But I need to use request to search specific data. So where could be the problem. Because I trustfully don’t understand. It looks the same to me.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To make a pattern with LIKE use a %. Put it around or at any end, beginning or end.

    $username = mysql_real_escape_string($_REQUEST['usern']);

$q=mysql_query("SELECT username, firstname, lastname, email, phone1, skype, city, description 
FROM mdl_user WHERE username LIKE '$username%'");
                                 ^
                                 |
 // You also missed this space --+

    Note your query is wide open to SQL injection. Just think if someone inserts year as '; drop table people; --. Use mysql_real_escape_string to sanitize those field.

    enter image description here

    And it’s better to use explicitly $_POST or $_GET,ths makes sure your data is coming from proper source.

    • 0