I figured I had qupting errors. That's one of the areas where I have a hard time figure out how to google for the correct format to get my queries into.
But you gave me the key piece I was looking for which was specifically the concat_ws function. Your guess was pretty close on the formatting. Just one '-' in front and commas in-between the fields. You'll have to excuse my lack of knowledge, I've had no training and I've only managed to scrounge enough off the net to get the functions done. I'm only now starting to go through some of my code and databases and try to apply some after-the-fact knowledge to clean things up a bit. So... Can you help me out with what exactly "Also be aware that putting things directly from the request parameter into a sql string is a sql injection flaw." means?
From the sound of it are you telling me that by asking for multiple
qualifications in the select statement I'm running what is technically an "error", but works? Or something else entirely? Thanks again, that would have taken me forever to find otherwise! Levi (: On 6/15/06, Rick Funderburg <[EMAIL PROTECTED]> wrote:
Levi Smith wrote: > But I need something like: > . " WHERE item_categories.item_category = '$_GET[cat]' AND > 'item.vendor_id . > "-" . item.refer_id . "-" . item.short_item_id' = > item_categories.long_item_id"); > > Which does NOT work... Looks like you might have some quoting errors. Also, I'm not sure how to do string concatenation in mysql, but a quick google shows the CONCAT()[1] function. So it might be something like " WHERE item_categories.item_category = '$_GET[cat]' and CONCAT(item.vendor_id, '-', item.refer_id, '-', item.short_item_id) = item_categories.long_item_id" Also be aware that putting things directly from the request parameter into a sql string is a sql injection flaw. -- Rick [1]: http://dev.mysql.com/doc/refman/5.0/en/string-functions.html -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
