I am first time using like in mysql .but it is giving error.my query with like is
$user_query="SELECT * FROM rt_user WHERE rt_user_username LIKE %".$_GET['term']."% OR rt_user_name LIKE %".$_GET['term']."% OR rt_user_description LIKE %".$_GET['term']."% LIMIT 10";
it is giving syntax error.
Jump to PostDo not insert $_GET or $_POST vars directly into SQL -you need to sanitise.
$term = mysql_real_escape_string($_GET['term']); $user_query="SELECT * FROM rt_user WHERE rt_user_username LIKE '%$term%' OR rt_user_name LIKE '%$term%' OR rt_user_description LIKE '%$term%' LIMIT 10";
Do not insert $_GET or $_POST vars directly into SQL -you need to sanitise.
$term = mysql_real_escape_string($_GET['term']);
$user_query="SELECT * FROM rt_user WHERE rt_user_username LIKE '%$term%' OR rt_user_name LIKE '%$term%' OR rt_user_description LIKE '%$term%' LIMIT 10";
Try wrapping the LIKE arguments in single quotes:
$user_query="SELECT * FROM rt_user WHERE rt_user_username LIKE '%".$_GET['term']."%' OR rt_user_name LIKE '%".$_GET['term']."%' OR rt_user_description LIKE '%".$_GET['term']."%' LIMIT 10";
Notice the single quotes around the LIKE strings?
You should definitely take diafol's advice and sanitize the input instead of just directly injecting the $_GET values into the query.
Also, I cannot be sure without seeing your database structure, but it looks like where you say rt_user_username, you might really mean to say rt_user.username, or even more simply, just username. What you have (and maybe this is what you want, like I said, I cannot be sure without seeing the schema) is looking for a column named rt_user_username in the rt_user table. What I wrote, rt_user.username, means a column named username in the table named rt_user. Just thought I'd mention that in case it turns out to be another issue.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.