Search via GET does not return results correctly

Question

Search via GET does not return results correctly

Asked 6 years ago

Viewed 120 times

0

I’m having a problem with a GET search.

I have the following code:

<?php
  //envio o charset para evitar problemas com acentos
  header("Content-Type: text/html; charset=UTF-8");

  include_once ('bd/bd.php');

  $cnpj = filter_input(INPUT_GET, 'cnpj');
  $sql = "SELECT * FROM `fornecedores` WHERE `cnpj` = '{$cnpj}'"; //monto a query
  $query = $mysqli->query( $sql ); //executo a query

  if( $query->num_rows > 0 ) {//se retornar algum resultado
    echo "Este CNPJ já está cadastrado em nosso banco de dados";
  } else {
    echo "CNPJ OK";
  }

?>

But when I do a search for ex:

www.site.com/search-fornec.php? cnpj=85.341.207/0001-82

The result should be: "This CNPJ is already registered in our database", but is appearing "CNPJ OK"

The example CNPJ is saved in the database, if I do SQL directly in phpMyAdmin the result is found, showing that the query is ok, but via GET always appears "CNPJ OK" regardless of the parameter I pass in the query.

If I make the search:

www.site.com/search-fornec.php? cnpj=123456789

In theory it should say that the CNPJ is already registered, correct? But it appears that the CNPJ is ok

1

Have you checked if the bar present in the CNPJ value is not interfering with the URL? Try to encode the value before sending it through query string.

– Woss

2018/11/21 at 17:25
@Andersoncarloswoss does not interfere, because I put in the database a "CNPJ" in the format 1111111111 and when I search it does not appear that the CNPJ already exists in the bank what should happen, because this cnpj is already saved in the bank

– Frederico Moreira

2018/11/21 at 17:26
Alter $query->num_rows for $query->num_rows() and return us the result.

– 8biT

2018/11/21 at 17:31
@8bit doesn’t make sense, num_rows is not a method.

– Woss

2018/11/21 at 17:33
@Fredericomoreira Place a var_dump($sql); exit; before executing the query and make sure that the value is arriving correctly.

– Woss

2018/11/21 at 17:33
@Andersoncarloswoss string(59) "SELECT * FROM fornecedores WHERE cnpj = '123456789'"

– Frederico Moreira

2018/11/21 at 17:34
If I use this direct select in phpMyadmin it will return the line where this cnpj exists. Only that in the command via GET speaks q does not exist.

– Frederico Moreira

2018/11/21 at 17:35
Considering the severe accents that were hidden in the comment, your SQL would have 55 characters, but appears string(59). What would those other 4 characters be?

– Woss

2018/11/21 at 17:37
It was the name of the table that I changed here in Ra to send to you. Consider that the string is string(55)

– Frederico Moreira

2018/11/21 at 17:38
Let’s go continue this discussion in chat.

– Frederico Moreira

2018/11/21 at 17:39

Show 5 more comments

No answers

Browser other questions tagged php mysql mysqli

You are not signed in. Login or sign up in order to post.