Click here to Skip to main content
15,741,947 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have a script to match serial number from MYSQL, if the exact string is found it will shows 1 multiple results but if is not found it will echo multiple results too and I was wondering how can I echo just 1 result if found or not found?

What I have tried:

	<form action="<?php echo htmlspecialchars($_SERVER[" PHP_SELF "]); ?>" method="post">
		Keyword: <input name="serialnumber" type="text" size="10">
		<input type="submit">


	if ( !empty( $_POST ) ):

		$serial = htmlspecialchars( $_POST[ "serialnumber" ] );


if (mysqli_connect_errno())
echo "Failed to connect to MySQL: " . mysqli_connect_error();

$result = mysqli_query($con,"SELECT * FROM wp_lic_key_tbl");

while($row = mysqli_fetch_assoc($result))
$serial2 = $row['license_key'] ;


if(strpos($serial, $serial2) !== false){
    echo "<div align='center'><h1>Serial Found!</h1></div>";

} else{
    echo "<div align='center'><h1>Serial not Found!</h1></div>";


Updated 5-Jan-23 16:05pm
Member 15627495 6-Jan-23 1:53am    
"SELECT * FROM wp_lic_key_tbl where license_key=\"".$serial."\"";
Richard Deeming 6-Jan-23 5:30am    
Bad idea - you've just introduced a SQL Injection[^] vulnerability.

NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Member 15627495 6-Jan-23 5:43am    
PDO or query->prepare are parts of the provided code here.

prepare() is a string builder, with less parameters than a common string. it avoid the code overload existing when an injection is attempting.

the bind() is filtering input for a given Type

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900