Rick Dwyer wrote:
Hello all. I inherited some PHP pages about a year ago. They have been fine all along but now a bunch of erroneous errors and results are popping up. I traced it to the way the variables were being used on the page... for example, the following SQL statement (a space between ' and " for clarity): sql="select name from mytable where name=$myvar and display='yes' "; This has worked in the past but is now returning errors for some records and working for others. I changed the above to the following and now all is good: sql="select name from mytable where name=' ".$myvar." ' and display='yes' "; What would explain why the former is suddenly causing problems? The version of PHP is 5.2.3 and from what I can tell, hasn't been updated since February of 2011.
I would have a closer look at what the contents of $myvar is when it's giving an error. I would suspect it might contain a " or a ' ? The first version is not taking care of any characters that may need escaping, so you may well have been lucky in the past?
sql="select name from mytable where name='$myvar' and display='yes' " is another option for a different 'result', but personally I prefer to pass variables like this as a parameter, so the query just has name=? and you pass the $myvar in an array of variables. This helps prevent suspect sql getting into the query as well, not such a problem here, but sensible practice anyway.
-- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
