RE: Looking for help with forms/variables and an array!

The purpose for register_globals is for testing and functionality purposes
only.
Every single example on the internet is for register_globals = on.
I am very aware of the security risk of it.
Get it working and then change it back. There is plenty of literature on how
to edit existing working code once you disable it.

Just working with the tools I have!

As far as _tbl instead of table, I picked that one up in the military, just
a preference.

As far as the brackets, I tried with or without;
price_range='[$select1]'";
price_range='$select1'";
price_range=select1";

All the same miserable error!

Any suggestions on how to get select1 -> price_range= would truly
be appreciated, and if your suggestion is more secure than what I am working
with, this would be the icing on the cake!

Brad


-----Original Message-----
From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx] 
Sent: Tuesday, June 12, 2007 12:38 PM
To: BSumrall
Cc: php-general@xxxxxxxxxxxxx
Subject: RE:  Looking for help with forms/variables and an array!

On Tue, 2007-06-12 at 12:19 -0400, BSumrall wrote:
> I am sure I am on the right track.
> Register globals is turned on!
> 
> I am getting the following error:
> 
> You have an error in your SQL syntax; check the manual that corresponds to
> your MySQL server version for the right syntax to use near '[''] LIMIT 0, 1'
> at line 1
> 
> mysql_select_db($database_ftn, $ftn);

> @extract($_POST);

BAD!!! BAD DOG!!! This is probably worse than register globals since it
allows clobbering of variables AFTER you've defined any other local
scope vars.

Besides, it's redundant if you have register_globals on as you say
above. But having register_globals is BAD! BAD DOG!! GO TO YOUR KENNEL!

> $query_Recordset1 = "SELECT * FROM lstng_tbl WHERE price_range=
> '[$select1]'";

What's with the square brackets? Why haven't you escaped the $select1
value before using it in a query? Are you using the magic quotes GPC? If
so... BAD!!! BAD DOG!!

What the hell is lstng_tbl?? Or are you allergic to the readability
enhancing properties of vowels? If so... BAD DOG!! BAAAAAAAD DOOOOG! Go
play with traffic! Why do you postfix it with _tbl? Of course it's a
friggin' table.

> I am trying to get a php form variable into the above sql query.
> '[$select1]' if changed back to the number 1 will bring up a record just
> fine.
> Putting in a variable produces the error.

Who's putting in the variables? You or your visitors? *lol*

> How do I get a php form variable into a sql query?
> 
> Below is my form
> 
> 
> 
> <form id="form1" name="form1" method="post" action="index_dev.php">
>         <label>market
>            <select name="select1">
> 			   <OPTION value="1">Indiana</OPTION>
> 			   <OPTION value="2">Wisconsin</OPTION>
> 			   <OPTION value="3">Illinois</OPTION>
> 			   <OPTION value="4">Michigan</OPTION>
> 			   <OPTION value="5">Georgia</OPTION>
> 			   <OPTION value="6">Florida</OPTION>
> 		     </select>
>         </label>
>    </form>

$query =
    "SELECT "
   ."    * "
   ."FROM "
   ."    listing "
   ."WHERE "
   ."    price_range = '".mysql_real_escape_string( $_POST['select1'] )."' ";

Cheers,
Rob.

Ps. BAD DOG!!  :)

-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
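The same lookup written with a PDO prepared statement and an allow-list of the form's own option values, as an added example that is not part of Rob's or Brad's code. Table and column names follow Rob's version ("listing", "price_range"); the in-memory SQLite database and the sample rows are constructed so the script runs stand-alone.

```php
<?php
// Added example: form value never becomes part of the SQL text.
// SQLite in-memory database with constructed rows, only so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE listing (id INTEGER PRIMARY KEY, price_range TEXT, city TEXT)");
$pdo->exec("INSERT INTO listing (price_range, city) VALUES ('1', 'Indianapolis'), ('2', 'Madison')");

// The <select> in the form only offers the values 1..6, so anything else is
// not a legitimate submission and is rejected before it reaches the database.
function marketFromPost(array $post): ?string
{
    $allowed = ['1', '2', '3', '4', '5', '6'];
    $value = $post['select1'] ?? null;
    return in_array($value, $allowed, true) ? $value : null;
}

// Shape from the original post, shown for contrast and never executed here:
//   $query = "SELECT * FROM listing WHERE price_range='$select1'";
// Whatever the visitor submits is spliced straight into the statement, so a
// stray quote (or an unset $select1 when register_globals is off) breaks the
// SQL, which is the "error in your SQL syntax" Brad was seeing.

function findListings(PDO $pdo, string $priceRange): array
{
    // The placeholder is bound separately from the SQL text: the value is
    // sent as data and cannot change the structure of the statement.
    $stmt = $pdo->prepare("SELECT id, city FROM listing WHERE price_range = :pr LIMIT 1");
    $stmt->execute([':pr' => $priceRange]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed POST bodies standing in for $_POST: a valid option, a value
// outside the form's options, and a missing field.
$samples = [['select1' => '1'], ['select1' => "7' x"], []];
foreach ($samples as $post) {
    $market = marketFromPost($post);
    if ($market === null) {
        echo "rejected: " . var_export($post['select1'] ?? null, true) . "\n";
        continue;
    }
    print_r(findListings($pdo, $market));
}
```

With the allow-list in front and the parameter bound rather than interpolated, the escaping call in Rob's snippet is no longer the only thing standing between the form and the query.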

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

