0

I am trying to search for a email with the same domain in a mysql database using using SQL LIKE as in 

$search=$_POST['searchTickets'];
$from=$_POST['fromm'];
$to=$_POST['too'];

$q=mysqli_query($conn,"select * from mytickets WHERE email LIKE '%$search' AND dt BETWEEN '$from' AND '$to' ");

Although the $search have a string (example mydomain.com) that correspond to values found in mytickets table, email column (example [email protected]), the mysqli_query keep returning zero results.

And somehow when I replace email LIKE '%$search' with email LIKE '%mydomain.com' it return the result I'm looking for. could it be sql is taking $search in '%$search' as a string? if so whats the right way to make SQL take it as PHP variable?

Improve this question
3
  • It looks like you want to directly build in send data into your SQL. This is an security vulnerability. More infos about SQL injection can be found on Wikipedia Commented Aug 9, 2018 at 9:36
  • It is possible that $search does not include the right value. Commented Aug 9, 2018 at 9:40
  • You right, $search was picking up the wrong value. Thanks alot. Commented Aug 9, 2018 at 9:56

1 Answer 1

Reset to default
1

One of possible solutions:

$q=mysqli_query($conn,"select * from mytickets WHERE email LIKE '%".$search."' AND dt BETWEEN '$from' AND '$to' ");
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Still returning zero results, any other possible solution?
Is the rest of the condition ok? I suggest you add line echo $q; and check the statement, if it is ok. You can try to run it directly in phpmyadmin, or post it here.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.