On Wed, 2008-04-23 at 19:07 -0700, revDAVE wrote:
> NEWBIE! I have some GET data coming from a previous search form.
>
> How do I add the WHERE part ?
>
> orig:
>
> $query_get1 = "SELECT p_First, p_id, p_Last, p_Lvl, p_Sel
> FROM contacts";
>
> ------W / WHERE...???
>
> $query_get1 = "SELECT p_First, p_id, p_Last, p_Lvl, p_Sel
> FROM contacts
> WHERE p_First like $_GET['p_First'] or p_Last like $_GET['p_Last']";
>
>
> I tried various things that make errors:
>
> where p_First like '%$_GET['p_First ']%'";
> where p_First like ".$_GET['p_First ']."";
> Etc...
>
> How can I make this work?
<?php
$escape = 'mysql_real_escape_string';
$query_get1 =
"SELECT "
." p_First, "
." p_id, "
." p_Last, "
." p_Lvl, "
." p_Sel "
."FROM "
." contacts "
."WHERE "
." p_First LIKE '".$escape( $_GET['p_First'] )."' "
." OR "
." p_Last LIKE '".$escape( $_GET['p_Last'] )."' ";
?>
But really... you're not doing any partial matching so don't bother with
'LIKE'. Just do the following:
<?php
$query_get1 =
"SELECT "
." p_First, "
." p_id, "
." p_Last, "
." p_Lvl, "
." p_Sel "
."FROM "
." contacts "
."WHERE "
." p_First = '".$escape( $_GET['p_First'] )."' "
." OR "
." p_Last = '".$escape( $_GET['p_Last'] )."' ";
?>
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
