PHP MySQL result issue when using a variable in the WHERE Clause

Question

I am having a pretty weird problem with my PHP MySQL Query, I am trying to return rows that have the correct rname, rcity, and rstate values.

$sql = "SELECT * FROM `images` WHERE rname = '" . $rname . "' AND rcity = '" . $rcity . "' AND rstate = '" . $rstate . "'";

When I run that query, it only returns 0 results. However after some playing around with it, If I only use rname and rstate in the WHERE Clause it returns results.

$sql = "SELECT * FROM `images` WHERE rname = '" . $rname . "' AND rstate = '" . $rstate . "';

That works perfect. So when i tried just useing rcity in the WHERE Clause.

$sql = "SELECT * FROM `images` WHERE rcity = '" . $rcity . "'";

0 results return. So something is wrong with the rcity portion of the query. If I hard write the value into the query instead of the $rcity variable, it pulls up results. I doubled checked to make sure $rcity was declared, it has the correct value, etc.

I also created another test table in the database to check to see if it was a problem on the db side. Which the problem still existed.

Here is the full code of the getQuery() Function

private function getQuery($data){
    // Takes raw data and creats image(s) query to search for listing resort...
        $listing = $data['listing'];
        $rname = $data['rname'];
        $rcity = $data['rcity'];
        $rstate = $data['rstate'];

        $query = "SELECT * FROM `test` WHERE rname = '" . $rname . "' AND rcity = '" . $rcity . "' AND rstate = '" . $rstate ."'";

        return $query;
}

And Here is my database class

class db {

        public function __construct(){
            $this->server = DB_SERVER;
            $this->user = DB_USER;
            $this->Pass = DB_PASS;
            $this->Database = DB_Database;
        }

        protected function connect(){
            return mysqli_connect($this->server, $this->user, $this->Pass, $this->Database);
        }

        public function query($sql){

            $conn = $this->connect();
            $query = $conn->query($sql);

                if($query == false) {
                    throw new Exception("Query failed:".PHP_EOL.$conn->error.PHP_EOL.$sql);
                }
                if($query->num_rows == 0) {
                    // need E_NOTICE errors enabled to see this,
                    // on screen if display_errors is on, else in PHP error log
                    trigger_error("Query returned 0 rows:".PHP_EOL.$sql);
                }
                $result = array();
                    while ($row = $query->fetch_assoc()){
                        $result[] = $row;
                    }
                return $result;
        }

    }

I call the query in a class __construct function like so

$con = new db;

    $sql = $this->getQuery($data);
    $result = $con->query($sql);

Answer 1

I think problem can be with syntax or mysql screening. Try to use PDO with bindParam method

Answer 2

$sql = "SELECT * FROM `images` WHERE rname = '$rname' AND rcity = '$rcity' AND rstate = '$rstate'";

尝试实现这一点，即直接在' （撇号）之间使用变量，它应该可以完美地工作