I'm really shocked by this. Here is the php:
Update: I escaped input (before I did it differently, but didn't know about mysql_real_escape_string). In addition, I replace double quotes with single quotes, but the same problem occurs. Below is the updated code:
$request = mysql_real_escape_string($_POST['id']); $colName = mysql_real_escape_string($_POST['col_name']); function executeAssoc1($q) { $r = mysql_query($q) or die(mysql_error() . ' ' . $q); $rass = mysql_fetch_assoc($r); return $rass; } foreach(array_keys($_POST) as $pitem) { if($pitem == (...what I want it to...)) { $pitem_name = mysql_real_escape_string(rawurldecode($pitem)); $qf = "SELECT * FROM possible_values WHERE table_id=$request AND col_name='$colName' AND value = '$pitem_name'"; $qfr = executeAssoc1($qf); var_dump($pitem_name); echo '<br>'; var_dump($qf); echo '<br>'; var_dump($qfr); } }
Here is part of what this code outputs in a single loop:
line (37) "1. New England (Northeast Region)"
string (122) "SELECT * FROM possible_values ββWHERE table_id = 3 AND col_name = 'DIVISION' AND value = '1. New England (Northeast Region)'"
bool (false)
Now, when I copy this query to the phpmyadmin SQL editor, it really returns the result. I even tried to use LIKE "% ...%" as suggested in here , but the same thing happens (phpmyadmin returns a string, php returns 0 rows).
source share