I have a php file that is connected to a MySQL database. It is suppose to get two parameters from the URL and using a like function on the parameter that is string. This is my php file:
<?php mysql_connect("mysql.1freehosting.com","u948577195_uname","p7CraCuRAw"); mysql_select_db("u948577195_dbnam"); $param = $_GET['param']; $UserID = $_GET['UserID']; $sql=mysql_query("SELECT UserID, UserName, DisplayName FROM User WHERE (UserID <> '$UserID') and (UserID NOT IN (SELECT UserID1 AS UserID FROM Friend WHERE (UserID2 = '$UserID') UNION ALL SELECT UserID2 AS UserID FROM Friend AS Friend_1 WHERE (UserID1 = '$UserID'))) AND( (UserName LIKE %'$param'%) OR (DisplayName LIKE %'$param'%))"); while($row=mysql_fetch_assoc($sql)) $output=$row; print(json_encode($output)); mysql_close(); ?>
This is the URL for the php file: http://pickupfriend.fulba.com/android_project/query7.php?param=s&UserID=1. It seems that the function falls because of the LIKE part. How can I solve that?