0

I will preface this by saying I've been stuck on this for a couple of days. I am obviously new and know I'm missing something simple. I've tried so many ways. Security is not an issue yet and I am just trying to learn on my own server.

I always get 'something found' even when I know the value does not exist. I am trying to enter a phrase into an input field, press submit and see if the value already exists in the table.

Sorry for the dumb question.

```php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// error_reporting(0);
// ini_set('display_errors', 0);
// exit();
//echo '<pre>'; print_r($user_info); echo '</pre>';

if ( (isset($_POST['lookup'])) && ($_REQUEST['lookup'] =='1')) {
    echo 'you\'ve entered a keyword, lets see if it exsists!';
    $looksql = "SELECT * FROM `crm3`.`keywords` WHERE `KW0` LIKE '".$_POST['lookup']."' ORDER BY `ID` ASC ";
    if ($result = mysqli_query($db, $looksql)) {
        echo '<br>someting found';
    } else {
        echo '<br>nothing found';
    }
} else {
    echo '<br>please enter a keyword to start the search';
}
?>
<br><br><br>
<form method="POST" action="./?action=kwcheck">
<input type="hidden" name="lookup" value="1" />
keyword lookup: <input type="text" name="keyword" /><br>
<input type="submit" value="SEARCH" />
```
0

3 Answers

2

You have done almost everything right, except the condition. Your condition always gives a truthy value. It should be:

```php
// Query the MySQL server.
$result = mysqli_query($db, $looksql);
if (mysqli_num_rows($result)) {
    // Rows are there.
    echo '<br>someting found';
} else {
    // No rows are there.
    echo '<br>nothing found';
}
```

If you want it functional, you can create a function that returns a boolean value: true if items are found, false if not.

```php
function recordsCount($looksql) {
    // Get the connection from global scope.
    global $db;
    // Query the MySQL server.
    $result = mysqli_query($db, $looksql);
    // Return if the count is greater than 0 or not.
    return (mysqli_num_rows($result) > 0);
}
```

Security concern: Use parameterised queries. Putting $_POST (or any user input $_GET, $_COOKIE, etc.) in a query opens you to SQL injections. Also if you want an exact match use =, not LIKE. The LIKE should be for partial matching and use wildcards (%). Thanks to chris85.


1 Comment

I was still getting an error because my query was wrong, it should have been: $_POST['keyword'] instead of $_POST['lookup']. Maybe I can take this one step further and have it show me the row ID of result?
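One way to write the lookup with a parameterised query and an exact match, as the answer above recommends, which also returns the matching row IDs asked about in the comment. This is an added example, not code from any of the answers; it assumes `$db` is an open mysqli connection as in the question, and `findKeywordIds` is a hypothetical helper name.

```php
<?php
// Added example: table and column names are taken from the question;
// $db is assumed to be an open mysqli connection created elsewhere.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/**
 * Return the IDs of rows whose KW0 equals $keyword exactly (empty array if none).
 * findKeywordIds is a hypothetical helper name.
 */
function findKeywordIds(mysqli $db, string $keyword): array
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT `ID` FROM `crm3`.`keywords` WHERE `KW0` = ? ORDER BY `ID` ASC'
    );
    $stmt->bind_param('s', $keyword);
    $stmt->execute();
    $stmt->bind_result($id);

    $ids = [];
    while ($stmt->fetch()) {
        $ids[] = $id;
    }
    $stmt->close();
    return $ids;
}

// The form's text field is named "keyword"; "lookup" is only the hidden flag.
$keyword = trim((string) ($_POST['keyword'] ?? ''));

if (($_POST['lookup'] ?? '') === '1' && $keyword !== '') {
    $ids = findKeywordIds($db, $keyword);
    if ($ids) {
        // Escape anything echoed into the page, even database values.
        echo '<br>found, row ID(s): ' . htmlspecialchars(implode(', ', $ids));
    } else {
        echo '<br>nothing found';
    }
} else {
    echo '<br>please enter a keyword to start the search';
}
```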
0

You have done wrong

```php
if ($result = mysqli_query($db, $looksql)) { // this is always true as query will be executed always
    echo '<br>someting found';
}
```

The above code is always executed, because it is like: if the query executed, then echo the message, and so the if condition will always be true. Try the code below:

```php
$result = mysqli_query($db, $looksql);
if (mysqli_num_rows($result)) {
    echo '<br>someting found';
}
```

5 Comments

How is this different or better than my answer? Just curious.
@PraveenKumar I have not said anything that your answer is wrong or anything else.
You could have at least formatted or indented the code.
I didn't mean any offence dude. Just curious. :)
I am gonna vote it up once you indent it nicely. :)
-1

You can try this:

```php
$looksql = "SELECT * FROM `crm3`.`keywords` WHERE `KW0` LIKE '%".$_POST['lookup']."%' ORDER BY `ID` ASC ";
```

use % after like

2 Comments

This wouldn't explain why the OP is getting results. It could be the answer if the OP weren't getting results.
Yes! And thank you, I missed that $result = mysqli_query($db, $looksql) just returns a result object.
