-1

I want to use a SELECT LIKE for a string , to get some data from a table.But for some reason the following code does not work.Any clues as to why ? I use HeidiSQl and PHP 5.3.

if(isset($_GET["name"])){
                                        $id=$_GET["name"];
                                        $result = mysql_query("SELECT * FROM categorii_menu WHERE name like'$id%'");
                                        $data=mysql_fetch_row($result);
                                        echo $data[6]; //content of $id
                        }
Mike Causer
  • 8,196
  • 2
  • 43
  • 63
Johny
  • 163
  • 1
  • 11
  • 6
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – John Conde Feb 12 '13 at 12:45
  • Echo your query, see if the query you're executing is the one you expected. – jeroenvisser101 Feb 12 '13 at 12:46
  • 2
    What doesn't work? Do you get an error? which one? Or not the expected behavior? which one? – Maxime Pacary Feb 12 '13 at 12:47
  • the $id receives the string containing the name problem is with the select, it does not select where the string is encounterede – Johny Feb 12 '13 at 12:49

2 Answers2

1

Try this : 

$result = mysql_query("SELECT * FROM categorii_menu WHERE name like '".mysql_real_escape_string($id)."%'");

NOTE :

Your query is vulnerable to sql injection

mysql_* functions are deprecated use mysqli_* or PDO

Prasanth Bendra
  • 31,145
  • 9
  • 53
  • 73
0

Found the problem , it was related to my htaccess file. The syntax i posted originally is good.

Johny
  • 163
  • 1
  • 11