RE: Query Syntax - WHERE fieldname1="fieldvalue1"ANDfieldname2="fieldvalue2"

on 22.05.2007 20:16:33 by Trevor Gryffyn

`` shouldn't react the same as ''.

If it does though, maybe try using them but putting your variables outside the quotes:

$query = "SELECT `" . $field_name . "` FROM `classifieds` WHERE `" . $field_name1 ."` = '" . $field_value1 . "' AND `" . $field_name2 . "` ='" . $field_value2 . "'";


And check what the other poster said about the "SELECT FROM" with no value for $field_name.

This is going to be something really simple and basic.

-TG

= = = Original message = = =

Thanks - but it doesn't work. `` interprets the literal value $field_name
as the column name and not its contents "trans_type".

Warning: mysql_query() [http://www.mysql.com/doc]: Unknown column '' in
'field list' in C:\apache2triad\htdocs\sunlakes\test3.php on line 83
Unknown column '' in 'field list'



-----Original Message-----
From: tg-php@gryffyndevelopment.com [mailto:tg-php@gryffyndevelopment.com]
Sent: Tuesday, May 22, 2007 10:57 AM
To: php-windows@lists.php.net
Cc: mark@hospitalsystemsgroup.com
Subject: Re: [PHP-WIN] Query Syntax - WHERE
fieldname1='fieldvalue1'ANDfieldname2='fieldvalue2'

Couple of things.. I'm not sure (and too lazy to look it up) if something
like "category" is a reserved word, but you can try enclosing your
field/table names in backticks (? whatever they're called.. the single quote
looking character on the tilde)

SELECT * FROM `classifieds` WHERE `trans_type` = 'For Sale' AND `category`
='Boats'

or...

$query = "SELECT `$field_name` FROM `classifieds` WHERE `$field_name1` =
'$field_value1' AND `$field_name2` ='$field_value2'";

Making sure your variables always have values. As mentioned, echoing out
your $query to see what it translates to can be very useful.

Last thing is to make sure your variables don't contain characters that,
unescaped, can screw up your query. Stuff like apostrophes and such.

Best way to do this, and ensure some level of security, is to use
mysql_real_escape_string().

I don't usually use variables for my field and table names, but I'm guessing
you can use this function (and that it's recommended to do so anytime you
use a variable in your SQL) for those as well as values.

$field_name = mysql_real_escape_string($field_name);
$field_name1 = mysql_real_escape_string($field_name1);
$field_value1 = mysql_real_escape_string($field_value1);
$field_name2 = mysql_real_escape_string($field_name2);
$field_value2 = mysql_real_escape_string($field_value2);

$query = "SELECT `$field_name` FROM `classifieds` WHERE `$field_name1` =
'$field_value1' AND `$field_name2` ='$field_value2'";

Or do it inline or write a function wrapper to make it easier to read or
however you want to do it.


Operation precedence shouldn't be an issue. I usually run into that when
dealing with an "OR" situation as well as "AND"s. Since you have a really
basic AND-only situation, you shouldn't have to worry about parens.


Maybe that'll help a little. If not, write back with some of your echo'd
SQL $query stuff.

-TG




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
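
The escaping advice in the message above applies to quoted values; mysql_real_escape_string() does not escape backticks, so a variable column name needs a fixed allowlist instead, and the mysql_* functions were removed in PHP 7. The following is an added example, not code from the thread, that builds the same query with allowlisted identifiers and bound values through PDO. Assumptions: the `id` and `title` columns, the helper names, the sample rows, and the in-memory SQLite database used so the script runs offline.

```php
<?php
// Added example, not from the original thread. The table name and the
// trans_type/category columns follow the thread; helper names, the other
// columns, the sample rows and the SQLite DSN are assumed so it runs offline.

// Identifiers cannot be bound as parameters, so they are checked against a
// fixed list instead of being escaped.
const ALLOWED_COLUMNS = ['id', 'trans_type', 'category', 'title'];

function checked_column(string $name): string
{
    // Rejects empty names (the "Unknown column ''" case) and anything unlisted.
    if (!in_array($name, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: '$name'");
    }
    return "`$name`";
}

function find_classifieds(PDO $db, string $select, array $where): array
{
    $conditions = $params = [];
    foreach ($where as $column => $value) {
        $conditions[] = checked_column($column) . ' = ?';
        $params[] = $value;   // values travel as bound parameters, never in the SQL text
    }
    $sql = 'SELECT ' . checked_column($select) . ' FROM `classifieds`';
    if ($conditions) {
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');   // with MySQL only this DSN changes
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classifieds (id INTEGER PRIMARY KEY, trans_type TEXT, category TEXT, title TEXT)');
$db->exec("INSERT INTO classifieds (trans_type, category, title) VALUES
    ('For Sale', 'Boats', 'Skipper''s dinghy'), ('Wanted', 'Boats', 'Outboard motor')");

print_r(find_classifieds($db, 'title', ['trans_type' => 'For Sale', 'category' => 'Boats']));

try {
    find_classifieds($db, '', ['trans_type' => 'For Sale']);   // empty $field_name
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```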