I have successfully extracted the correct data from my database during testing (its just a prototype - so yes I know its not secure SQL). The test SQL is
$sql=
SELECT *
FROM jobcards
WHERE jobnumber='$jobnumber'
";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0)
{loop}
The issue is the source of the data to which $jobnumber is set.
If during testing I set $jobnumber to the string Agen912-491 (implicitly) I get out of the database exactly what I should get out. However here is the problem.
I am clicking from a link on another page. The link creates the URL:-
domain.php/jobcard.php?jobnumber=%20Agen912-491
which take me to the page on which the SQL query (and the output) resides. So on the page I set
$jobnumber = $_GET["jobnumber"];
echo $jobnumber;//testing
to request (and test) the jobnumber (passed from the link) that I need to insert into the WHERE condition. As expected the echo correctly returns Agen912-491. So exactly the same string (it seems) as the implicit value used succesfully in testing. All good so far.
However when I then set $jobnumber= $_GET["jobnumber"]; the database query fails to find any records. [In desperation I fudged the process so that the variable $jobnumber = $_SESSION ["jobnumber"]; (and ensured via an echo that $_session[] gave me Agent912-491). Now the database correctly returns the record again!
So for some reason the $GET["jobnumber"]; statement when set to $jobnumber is failing [even though when it is echoed it returns the correct value that works implicity (and when set it via $s[session]. So there is clearly an issue with a) requesting $_GET["jobnumber"]; b) setting it to the $jobnumber and then c) using that in the WHERE statement. Everything else works as does setting $jobnumber implicitly or via $_session.
I have an incline it might be something to do with santitising the $_GET result before using it. But that really is a guess and even if correct I dont know what exactly to try out.
Help would be really appreciated. Many thanks.