// probably want to do some sanity checks on the input
// e.g. watch out for names like O'Reilly
$lastname = str_replace("'","''",$lastname);// the contents of variable must be inside single quotes
$sql = "SELECT * FROM table WHERE lastname='$lastname'";
// or try the SQL 'LIKE' syntax
$sql = "SELECT * FROM table WHERE lastname LIKE '$lastname'";
// may be use a wildcard
$sql = "SELECT * FROM table WHERE lastname LIKE '$lastname%'";
Matt Hedges wrote:
Hello,
I have a basic question I can't figure out.
My site lets people enter in their information... I now want to be able for a user to search the database. For example, enter in "firstname" or "lastname" in a text box, hit submit, and have the results returned.
How do I write this in PHP?
I've tried lots of twists on SELECT * FROM table WHERE lastname=$lastname... but can't get it to work...
any help greatly appreciated, thanks, Hedges
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
