0

So I'm attempting to take in a PHP variable and insert it into a simple SQL query, but it's not working and I can't seem to figure out the issue.

NOTE: I know this code has security issues

staff_model.php file:

    function getSearches($searchterm) {
        $sql = "SELECT * 
                FROM people 
                WHERE name 
                LIKE '%{$searchterm}%'";
        $query = $this->db->query($sql);
        return $query;
    }

My table has several columns but it has columns like id, name, subject, type. The way I get $searchterm is something like

    var searchText = document.getElementById('custom-search-text').value;

in my javascript file and I'll pass it to users.php through

    $.get(url+"/api/users/staff", {id: id, name: name, type: type, subject: subject, search: searchText})

Just to make sure everything else was working correctly, I hardcoded something for searchTerm (so something like $sql = "SELECT * FROM people WHERE name LIKE 'Matt'") and I did get the correct results.

Something else I tried was $sql = "SELECT * FROM people WHERE name LIKE $searchTerm" and this didn't work.

Any ideas on how I can get it to work with wildcards?

Jon

2 Answers

0

How about "SELECT * FROM people WHERE name LIKE '%".$searchterm."%'";

Peter Peng
-1

Try this $sql = "SELECT * FROM people WHERE name LIKE '%".$searchterm."%'";

using . as concatenating operator

Prudhvi Konda
  • I tried this query and it still came back with nothing. Is it possible that something else is wrong somewhere else? – Jon Aug 14 '15 at 03:08
  • I'm able to see the count. Here is my code. Can you please share your entire code? – Prudhvi Konda Aug 14 '15 at 03:22
  • Never mind, I had another dumb issue somewhere else, but I wasn't seeing the error until I messed around with the code more – Jon Aug 17 '15 at 00:59
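
An added example, not code from the question or either answer: the concatenated wildcard query from the question beside a prepared-statement version of the same search, so the security issue the question mentions can be seen and closed. It uses PDO with an in-memory SQLite database and constructed rows; the function names `getSearchesConcat` and `getSearchesBound` and the `!` escape character are assumptions made for illustration.

```php
<?php
// Constructed table and rows; in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, subject TEXT, type TEXT)");
$db->exec("INSERT INTO people (name, subject, type) VALUES
    ('Matt', 'Math', 'staff'),
    ('Matthew', 'Art', 'staff'),
    ('O''Brien', 'History', 'staff'),
    ('100% Pat', 'Music', 'staff')");

// Pattern from the question: the search term becomes part of the SQL text,
// so a quote in the term changes the statement itself.
function getSearchesConcat(PDO $db, string $searchterm): array {
    $sql = "SELECT * FROM people WHERE name LIKE '%{$searchterm}%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound version: the SQL text is fixed and the term travels only as data.
function getSearchesBound(PDO $db, string $searchterm): array {
    // Escape LIKE metacharacters so a user-typed % or _ matches literally.
    // '!' is the escape character declared in the ESCAPE clause below.
    $escaped = strtr($searchterm, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare("SELECT * FROM people WHERE name LIKE :pattern ESCAPE '!'");
    // The wildcards are added in PHP, around the escaped term, then bound.
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Compare both functions on an ordinary term, a bare wildcard,
// and a name containing an apostrophe.
foreach (['Matt', '%', "O'B"] as $term) {
    try {
        $concat = count(getSearchesConcat($db, $term)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error';  // the apostrophe ended the string literal early
    }
    $bound = count(getSearchesBound($db, $term)) . ' row(s)';
    echo str_pad(var_export($term, true), 10), " concat: $concat | bound: $bound\n";
}
```

The same bound pattern works with other PDO drivers; only the connection string changes.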