PHP 中 mysql_query() 函数中的奇怪错误（查询中的和子句）

Question

When I add AND operator in mysql_query() function, it stops working and anything after that stops working! For Example: When i wrote this:

 $query1 = mysql_query("SELECT *  FROM chat1 where friendname = '$_POST[fname]' ");

 $row= mysql_fetch_array($query1) or die(mysql_error()); 
 echo "$row[message]";

The above query runs successfully !

But when i do this :

 $query1 = mysql_query("SELECT *  FROM chat1 where friendname = '$_POST[fname]' AND username = '$_POST[uname]' ");

 $row= mysql_fetch_array($query1) or die(mysql_error()); 

 echo "$row[message]";

I get Null output! I think the "AND" operator is not working!!! please help me with this!! Have a look at my complete code and Database Snapshot! Click here

Answer 1

If it is returning NULL then probably the record doesn't exists. Try to output this query on the screen and post the raw query here.

Maybe your search needs a LIKE instead of a =

Answer 2

Likely, the row(s) you are looking for do not exist.

The AND is a boolean operator that requires that both expressions have to evaluate to true. In the context of your query, that means for a row to be returned, both of the conditions have to be true on that single row.

I suspect that you may want an OR those two conditions. Did you want to return only rows that meet both criteria, or did you want any rows that have fname with a certain value, along with any rows that have uname of a specific value? If the first query is returning rows, then replacing AND with OR should return you some rows.

---

For debugging this type of problem, generate the SQL text into a variable, and then echo or var_dump the SQL text, before you send it to the database.

eg

    $sql = "SELECT *  FROM chat1 where friendname = '" 
         . mysql_real_escape_string($_POST['fname'])
         ."' ";
    echo "SQL=" . $sql ;  # for debugging

Take the text of SQL statement that's emitted to another client, to test the SQL statement, to figure out if the SQL statement is actually returning the resultset you expect it to return.

(In your code, reference the $sql in the function that prepares/executes the SQL statement.)

Follow this pattern for all dynamically generated SQL text: generate the SQL text into a variable. For debugging, echo or var_dump or otherwise emit or log the contents of the variable. Take the SQL text to another client and test it.

Dumping code that isn't working on to StackOverflow is not the most efficient way to debug your program. Narrow down where the problem is.

How to debug small programs http://ericlippert.com/2014/03/05/how-to-debug-small-programs/

---

NOTES

You probably want to verify that $_POST['fname']) contains a value.

It's valid (SQL-wise) for a SELECT statement to return zero rows, if there are no rows that satisfy the predicates.

Potentially unsafe values must be properly escaped if you include them in the text of a SQL statement. (A better pattern is to use prepared statements with bind placeholders , available in the (supported) mysqli and PDO interfaces.

Also, use single quotes around fname .... eg

    $_POST['fname']
           ^     ^