RE: Looking for help with forms/variables and an array!

On Tue, 2007-06-12 at 12:19 -0400, BSumrall wrote:
> I am sure I am on the right track.
> Register globals is turned on!
> 
> I am getting the following error:
> 
> You have an error in your SQL syntax; check the manual that corresponds to
> your MySQL server version for the right syntax to use near '[''] LIMIT 0, 1'
> at line 1
> 
> mysql_select_db($database_ftn, $ftn);

> @extract($_POST);

BAD!!! BAD DOG!!! This is probably worse than register globals since it
allows clobbering of variables AFTER you've defined any other local
scope vars.

Besides, it's redundant if you have register_globals on as you say
above. But having register_globals is BAD! BAD DOG!! GO TO YOUR KENNEL!

> $query_Recordset1 = "SELECT * FROM lstng_tbl WHERE price_range=
> '[$select1]'";

What's with the square brackets? Why haven't you escaped the $select
value before using it in a query? Are you using the magic quotes GPC? If
so... BAD!!! BAD DOG!!

What the hell is lstng_tbl?? Or are you allergic to the readability
enhancing properties of vowels? If so... BAD DOG!! BAAAAAAAD DOOOOG! Go
play with traffic! Why do you post fix it with _tpl? Of course it's a
friggin' table.

> I am trying to get a php form variable into the above sql query.
> '[$select1]' if changed back to the number 1 will bring up a record just
> fine.
> Putting in a variable produces the error.

Who's putting in the variables? You or your visitors? *lol*

> How do I get a php form variable into a sql query?
> 
> Below is my form
> 
> 
> 
> <form id="form1" name="form1" method="post" action="index_dev.php">
>         <label>market
>            <select name="select1">
> 			   <OPTION value="1">Indiana</OPTION>
> 			   <OPTION value="2">Wisconsin</OPTION>
> 			   <OPTION value="3">Illinois</OPTION>
> 			   <OPTION value="4">Michigan</OPTION>
> 			   <OPTION value="5">Georgia</OPTION>
> 			   <OPTION value="6">Florida</OPTION>
> 		     </select>
>         </label>
>    </form>

$query =
    "SELECT "
   ."    * "
   ."FROM "
   ."    listing "
   ."WHERE "
   ."    price_range = '".mysql_real_escape_string( $_POST['select1'] )."' ";

Cheers,
Rob.

Ps. BAD DOG!!  :)

-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
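
The points raised in the reply above (no extract(), no unescaped form value in the SQL string), shown as an added example that is not part of the original message: select1 is read explicitly, checked against the options the form offers, and bound as a query parameter. It assumes PDO with an in-memory SQLite database standing in for the MySQL one; the function names, the id and title columns and the sample rows are constructed for illustration.

```php
<?php
// Added example. Constructed data; SQLite in memory stands in for MySQL.

// The values offered by <select name="select1"> in the form.
const ALLOWED_MARKETS = ['1', '2', '3', '4', '5', '6'];

// Read select1 explicitly (no extract(), no register_globals) and accept
// it only if it is one of the form's options. Hypothetical helper.
function read_market(array $post): ?int
{
    $raw = $post['select1'] ?? null;
    if (!is_string($raw) || !in_array($raw, ALLOWED_MARKETS, true)) {
        return null; // missing, an array, or not an offered option
    }
    return (int) $raw;
}

// Bind the value as a parameter so it never becomes part of the SQL text.
function find_listings(PDO $db, int $market): array
{
    $stmt = $db->prepare('SELECT id, title FROM listing WHERE price_range = :market');
    $stmt->bindValue(':market', $market, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listing (id INTEGER PRIMARY KEY, title TEXT, price_range INTEGER)');
$db->exec("INSERT INTO listing (title, price_range) VALUES ('Lake house', 1), ('Condo', 3)");

// Constructed submissions: a normal one, the bracketed value from the
// failing query, and one with an extra key that extract($_POST) would
// have turned into a local variable named $db.
$submissions = [
    ['select1' => '1'],
    ['select1' => '[1]'],
    ['select1' => '3', 'db' => 'clobbered'],
];

foreach ($submissions as $post) {
    $market = read_market($post);
    if ($market === null) {
        echo "rejected: select1 is not one of the form's options\n";
        continue;
    }
    echo "market $market: " . json_encode(find_listings($db, $market)) . "\n";
}
```

Because only $post['select1'] is ever read, the extra db key in the third submission is ignored and the database handle stays intact.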

