sql query doesn't return anything

Question

Hi I'm trying to run the following query but nothing seems to be returned All I want to is to return the job_discription for the choosen job_type from my jobs table.

Please any help would be great as I have spent hours trying to solve it.

Thank you

alan

<input type="hidden" name="JOB_TYPE" value="<?php print $_POST['JOB_TYPE'];?>"/>

<?php
$Query = " (SELECT JOB_TYPE, JOB_DISCRIPTION FROM jobs  " .
"WHERE jobs.JOB_TYPE ='$_POST[JOB_TYPE]' " .
"AND jobs.JOB_DISCRIPTION = 'JOB_DISCRIPTION')";

$Result = mysqli_query($DB, $Query);  
?>

<?php  
$Result = mysqli_query($DB,$Query)or die(mysqli_error($DB));

while ($Row = mysqli_fetch_assoc($Result))  // Now we go through the data displaying 
{

print  $Row ['JOB_DISCRIPTION']  ;  

}
?>

Answer 1

First, the code is very prone to sql injection: you shouldn't use the $_POST data directly. Second remove the last condition if you want a description for a particular type.

Answer 2

Remove the AND statement from the end:

AND jobs.JOB_DISCRIPTION = 'JOB_DISCRIPTION'

Also remove the parenthesis ( ) from around the query statement.

Answer 3

" -- quotation marks are only required at the start and end
SELECT JOB_TYPE
     , JOB_DISCRIPTION -- some people spell description with an 'e'
  FROM jobs  
 WHERE jobs.JOB_TYPE =$_POST['JOB_TYPE']    -- escape data (using modern methods) to prevent injection and note 
   AND jobs.JOB_DISCRIPTION = 'JOB_DISCRIPTION'; -- This is really strange
"