Hello everybody, I'm building a small application and I have trouble passing a POST variable from one page to another inside the SQL statement.
The query displayed below works great without the
".$_POST['CompanyName']."
$query_company_listing = "SELECT CompanyID, CompanyName, CompanyOrDepartment, BillingAddress, City, PostalCode, PhoneNumber FROM company WHERE company.CompanyName=".$_POST['CompanyName']." ORDER BY CompanyName ASC";
You need to quote the string (company name) in the actual SQL. Compare the following 2 statements (let's assume companyname is 'IBM'):
WRONG (this is what you are doing now):
SELECT CompanyID, CompanyName,CompanyOrDepartment, BillingAddress, City, PostalCode, PhoneNumber FROM company WHERE company.CompanyName=IBM ORDER BY CompanyName ASC
RIGHT:
SELECT CompanyID, CompanyName,CompanyOrDepartment, BillingAddress, City, PostalCode, PhoneNumber FROM company WHERE company.CompanyName='IBM' ORDER BY CompanyName ASC
there may be times when the companyname contains a single quote - that will break your query unless you escape the single quote in the name before placing the string into the query string... mysql.com can tell you more.
But it messes up if I include it because the first " is considered as the end of the previous one and so on, so the code gets messed up.
I'll really appreciate any/all help! Have you all an excellent year! Jorge
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
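
The quoting and single-quote problems discussed in this thread, shown side by side with a bound parameter. This is an added example, not code from the original posts. It assumes PHP with PDO and the pdo_sqlite driver (an in-memory SQLite database stands in for the poster's MySQL server), trims the `company` table to three columns, and uses constructed sample rows and input values.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE company (CompanyID INTEGER PRIMARY KEY, CompanyName TEXT, City TEXT)');
// Constructed sample rows; the second name contains a single quote.
$pdo->exec("INSERT INTO company (CompanyName, City) VALUES ('IBM', 'Armonk'), ('O''Brien & Sons', 'Cork')");

function lookupConcatenated(PDO $pdo, string $name): array
{
    // The quoted form from the reply, built by string concatenation with no escaping.
    $sql = "SELECT CompanyID, CompanyName, City FROM company "
         . "WHERE company.CompanyName='" . $name . "' ORDER BY CompanyName ASC";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function lookupPrepared(PDO $pdo, string $name): array
{
    // The value is bound as a parameter instead of being concatenated into the SQL string.
    $stmt = $pdo->prepare(
        'SELECT CompanyID, CompanyName, City FROM company '
        . 'WHERE company.CompanyName = :name ORDER BY CompanyName ASC'
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-ins for $_POST['CompanyName'] (constructed values).
foreach (['IBM', "O'Brien & Sons"] as $name) {
    try {
        $rows = lookupConcatenated($pdo, $name);
        printf("concatenated %-16s %d row(s)\n", $name, count($rows));
    } catch (PDOException $e) {
        // The embedded quote ends the string literal early and the statement no longer parses.
        printf("concatenated %-16s failed: %s\n", $name, $e->getMessage());
    }
    $rows = lookupPrepared($pdo, $name);
    printf("prepared     %-16s %d row(s)\n", $name, count($rows));
}
```

The concatenated query succeeds for IBM and fails for the name containing a single quote, while the prepared statement returns one row for both.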