I'm trying to filter sql query by a word that is contained within a db column.
This is working (Please don't tell me the Having is wrong... it doesn't work with Where)
$query = sprintf("SELECT *, ( 3959 * acos( cos( radians('%s') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('%s') ) + sin( radians('%s') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors HAVING distance < '%s' ORDER BY distance",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($radius));
$result = mysql_query($query, $dbConn);
I'd like to add something like:
$query = sprintf("SELECT *, ( 3959 * acos( cos( radians('%s') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('%s') ) + sin( radians('%s') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors HAVING distance < '%s' AND SubjectList like '%s' ORDER BY distance",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($radius),
mysql_real_escape_string($subject));
$result = mysql_query($query, $dbConn);
Here's the solution that now works - thanks for everyone's help
$query = "SELECT *, ( 3959 * acos( cos( radians('". addslashes($lat) ."') ) * cos( radians( `Lat` ) ) * cos( radians( `Long` ) - radians('". addslashes($lng) ."') ) + sin( radians('". addslashes($lat) ."') ) * sin( radians( `Lat` ) ) ) ) AS distance FROM Tutors WHERE `SubjectList` LIKE '%". addslashes($subject) ."%' GROUP BY distance HAVING distance < '". addslashes($radius) ."'";