MySQL select works in phpMyAdmin but my PHP returns no rows with the same call

Question

Heres my code

<?php
session_start();

include('config.php');
if(isset($_GET['search_word']))
{
    // echo $_GET['search_word'] . '<br />'; // debugging
    $search_word = $_GET['search_word'];
    $search_word = mysql_escape_string($search_word);
    $search_word_fix = str_replace(" ","%",$search_word);

    $query = "SELECT * FROM article WHERE article_title LIKE '%" . $search_word . "%' AND article_live = '1' ORDER BY article_id DESC";
    // echo $query . '<br />'; // debugging

    $sql = mysql_query($query);
    $count = mysql_num_rows($sql);
    // echo $count . '<br />'; // debugging
    // echo mysql_num_rows($sql) . '<br />'; // debugging
    if($count > 0)
    {
        while($row=mysql_fetch_array($sql))
        {
            $msg=$row['article_title'];
            $bold_word='<b>'.$search_word.'</b>';
            $final_msg = str_ireplace($search_word, $bold_word, $msg);

            echo $final_msg; 
        }
    }
    else
    {
        echo "No Results";
    }
}?>

Can anyone see an issue with it? I cant pick out what is not working with this script and ive been staring at it for a while. It never makes it to the WHILE loop only the "No Results" and the count returns blank when i uncomment my debugging.

Answer 1

Count returning blank means your query failed for some reason.

• Are you connecting to the db properly? Try using mysql_error() right after your query:

  $error_msg = mysql_error();
  

• Use mysql_real_escape_string() instead of mysql_escape_string() - it respects the character set so that you don't have UTF8 issues

If you're using this publicly, you may want to learn about using binds to eliminate the possibility of SQL injection via a library like PDO.

Here's a pretty good tutorial/introduction to PDO explaining why it's important!