0

I have a database like which has multiple columns and when querying it with a WHERE clause it won't get any results. Here is the code I am using :

$columns = $_GET['var'];
$where = $_GET['where'];
$checkValue = $_GET['checkValue'];
$userInput = $_GET['userInput'];

$query = "SELECT ";

foreach($columns as $val)
    $query .= "$val, ";

$query .= "FROM Email";

if($where === "yes")
    $query .= " WHERE $checkValue = '$userInput'";

$columns is multiple checkboxes for the user to select which columns they wish to see. It works perfectly except when adding the where clause. When I've been testing it I made sure that the it was exactly the same as in the database. Also the $checkValue is a dropdown list which values are exactly the same as in the database. Also just to note later on I edit the query so the last comma is removed.

To print it out I use :

while($c = mysqli_fetch_assoc($results)){
    foreach($columns as $val){
        $header = ucwords($val);
        echo "<b>$header</b><br>";
        echo $c[$val]."<br>";   
    }
    echo "-------------------------------<br>";
}

This is the query that is outputted when not using the where clause and works:

 SELECT date, mediatype FROM Email

And here is the query that doesnt work:

 SELECT date, mediatype FROM Email WHERE mediatype = 'Blog'

Any advice?

EDIT: Here is the table with: Db

There is more columns but these are ones I want to focus on.

Improve this question
16
  • 1
    Do you get an error? What happens when you run this directly in MySQL? Commented Jul 2, 2015 at 13:26
  • 3
    please show your mysql table setup. Also I'd recommend Using PDO and prepared statements. This has epic injection potential. Commented Jul 2, 2015 at 13:26
  • It does the same and returns nothing, there isn't any error. Maybe something wrong with the sql? Commented Jul 2, 2015 at 13:28
  • 4
    You generate an extra comma (,) before the FROM keyword and the query doesn't run at all because it has this syntax error. Commented Jul 2, 2015 at 13:30
  • 1
    What happens if you run SELECT date, mediatype FROM Email WHERE mediatype LIKE 'Blog%'? I'm thinking you have some trailing spaces or something in the data. Commented Jul 2, 2015 at 13:36

2 Answers 2

Reset to default
1

Your generate SQL request seems to have a syntax error. Just change the way you generate it.

Instead of 

foreach($columns as $val)
  $query .= "$val, ";

Try

$query .= implode(', ' $columns);

That will skip the last comma.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, that is a much easier way than I was doing. However it still doesn't fix the problem.
0

The blog column had an extra empty line that 'Blog%' wasn't working on. I went in the database and deleted the extra line and used the query again and it worked.

Thanks everyone for the help :)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.