On Aug 8, 2011, at 11:58 PM, Chris Stinemetz wrote:
I am trying to pass text strings from on page to a next to populate
the queries on the passed to page.
The only way I can get the query to work is if I am able to put single
ticks around the string to make it literal, but I can't seem to figure
out how to do it for the following line of code.
echo '<h3><a href="store.php?id=' . $row['store_name'] . '">' .
$row['store_name'] . '</a><br /><h3>' . $row['store_type'];
When i do a dump the query and
print("<pre>".print_r($_GET,true)."</pre>");
I get the following respectively:
SELECT store_id, store_subject FROM stores WHERE store_subject = Loma
Vista 8712 Blue Ridge BlvdThe topic could not be displayed, please try
again later.You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 'Vista 8712 Blue Ridge Blvd' at line 3
The PHP code for the query is:
Array
(
[id] => Loma Vista 8712 Blue Ridge Blvd
)
$sql = "SELECT store_id, store_subject
FROM stores
WHERE store_subject = " . mysql_real_escape_string($_GET['id']);
Here, you need to insert single quotes around the search value in the
WHERE cause:
WHERE store_subject = '".mysql_real_escape_string($_GET['id']."'");
If that's hard to read like it is on my mailer, it's:
<
SINGLEQUOTE
>
<
DOUBLEQUOTE
>
<
PERIOD
>
mysql_escape_string
($_GET['id']]<PERIOD><DOUBLEQUOTE><SINGLEQUOTE><DOUBLEQUOTE>
This then surrounds the data in the search string with single quotes
for the SQL query.
The query works fine When I run the command in console and place ''
around Loma Vista 8712 Blue Ridge Blvd
Thank you,
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
