Re: [PHP] Why doesn't this simple query work?

2001-07-26 Thread Christian Reiniger 

On Wednesday 25 July 2001 23:05, Seb Frost wrote:
 Thanks for the suggestion but it's too ugly for me :-)  I'll just stick
 with using '.  I don't forsee a problem.

 $query = SELECT shoodID FROM shoots WHERE location='$location';

wget 
http://foo.bar/yourscript.php?location=xy';delete+from+shoots+where+location+!=+'

Use Addslashes or magic_quotes_gpc.

-- 
Christian Reiniger
LGDC Webmaster (http://lgdc.sunsite.dk/)

...to paraphrase Churchill, while representative  democracy may be
terrible, it's still the best system that large corporations can buy.

- David Weinberger JOHO January 25, 2000

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Why doesn't this simple query work?

2001-07-25 Thread Boget, Chris 

 Driving me mad.  Works if I put a string in quote marks instead of the
 variable $location.
 $result = mysql_query(SELECT shootID FROM shoots WHERE
 (location=$location));
 This should work shouldn't it?  If it's a problem with the variable being
 embedded in the query what's the easiest way to overcome this?

$location is a string variable, yes?  If so, then your statement
needs to look like this:

$result = mysql_query(SELECT shootID FROM shoots WHERE
(location=\$location\));

Note the escaped quotes around $location.

Chris

Re: [PHP] Why doesn't this simple query work?

2001-07-25 Thread Jon Yaggie 

hmmm i think you need to always have quotes around string regardless of if
they are variables . .  .
$result = mysql_query(SELECT shootID FROM shoots WHERE
(location='$location'));

- Original Message -
From: Seb Frost [EMAIL PROTECTED]
To: php-general [EMAIL PROTECTED]
Sent: Thursday, July 26, 2001 3:10 AM
Subject: [PHP] Why doesn't this simple query work?


 Driving me mad.  Works if I put a string in quote marks instead of the
 variable $location.


 $result = mysql_query(SELECT shootID FROM shoots WHERE
 (location=$location));


 This should work shouldn't it?  If it's a problem with the variable being
 embedded in the query what's the easiest way to overcome this?

 cheers,

 seb

 -Original Message-
 From: Sheridan Saint-Michel [mailto:[EMAIL PROTECTED]]
 Sent: 19 July 2001 14:50
 To: php-general
 Subject: Re: [PHP] REGEXP


 I am not sure if I am understanding you... but if you just want to return
 the boundary try

 preg_match(|boundary=\([^\].+)\|Uis, $text, $regs );
 $boundary = $regs[1];

 I am guessing that you want the boundary from the lines
  to avoid regexp (too lazy) but now I want to use it.  The final result I
  would need is: B42DA66C4EC07C9B572A58FC so that I can search

 If you are looking for something else let me know
 Sheridan

  -Original Message-
  From: Adrian D'Costa [mailto:[EMAIL PROTECTED]]
  Sent: Saturday, July 14, 2001 2:54 AM
  To: php general list
  Subject: [PHP] REGEXP
 
  Hi,
 
  I am trying to capture the Header from a mail for my webmail using php
  and
  pop3.  The header is something like this:
  Content-Type: multipart/mixed;
   boundary=B42DA66C4EC07C9B572A58FC
 
  When I use preg_split(/[\d;]*/, $buffer), I get
  Content-Type: multipart/mixed;
 
  What I want is to return the whole line split by the ;.  I usually try
  to avoid regexp (too lazy) but now I want to use it.  The final result I
  would need is: B42DA66C4EC07C9B572A58FC so that I can search
  in the body of the message for the rest of the parts.
 
  Any pointers would be helpful.
 
  Adrian
 
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  To contact the list administrators, e-mail: [EMAIL PROTECTED]



 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Why doesn't this simple query work?

2001-07-25 Thread Moriyoshi Koizumi 

IMHO

$query = SELECT shoodID FROM shoots WHERE location=\$location\;

and even

$query = SELECT shoodID FROM shoots WHERE location='$location';

sometimes cause SQL Syntax Error,
because the variable $location may contain quote characters (')()...

since i experienced the same thing i've been doing like this...
(the reason is just that i did with 2 byte japanese characters?)


$query = sprintf(
'SELECT shootID FROM shoots WHERE location=%s',
AddSlashes( $location )
);


going well, but is this code too ugry?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Why doesn't this simple query work?

2001-07-25 Thread Brave Cobra 

True, that's because mySQl doesn't understand it without the signle quotes,
or any descent database for that matter.

BC

-Original Message-
From: Jon Yaggie [mailto:[EMAIL PROTECTED]]
Sent: woensdag 25 juli 2001 22:12
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Why doesn't this simple query work?


hmmm i think you need to always have quotes around string regardless of if
they are variables . .  .
$result = mysql_query(SELECT shootID FROM shoots WHERE
(location='$location'));

- Original Message -
From: Seb Frost [EMAIL PROTECTED]
To: php-general [EMAIL PROTECTED]
Sent: Thursday, July 26, 2001 3:10 AM
Subject: [PHP] Why doesn't this simple query work?


 Driving me mad.  Works if I put a string in quote marks instead of the
 variable $location.


 $result = mysql_query(SELECT shootID FROM shoots WHERE
 (location=$location));


 This should work shouldn't it?  If it's a problem with the variable being
 embedded in the query what's the easiest way to overcome this?

 cheers,

 seb

 -Original Message-
 From: Sheridan Saint-Michel [mailto:[EMAIL PROTECTED]]
 Sent: 19 July 2001 14:50
 To: php-general
 Subject: Re: [PHP] REGEXP


 I am not sure if I am understanding you... but if you just want to return
 the boundary try

 preg_match(|boundary=\([^\].+)\|Uis, $text, $regs );
 $boundary = $regs[1];

 I am guessing that you want the boundary from the lines
  to avoid regexp (too lazy) but now I want to use it.  The final result I
  would need is: B42DA66C4EC07C9B572A58FC so that I can search

 If you are looking for something else let me know
 Sheridan

  -Original Message-
  From: Adrian D'Costa [mailto:[EMAIL PROTECTED]]
  Sent: Saturday, July 14, 2001 2:54 AM
  To: php general list
  Subject: [PHP] REGEXP
 
  Hi,
 
  I am trying to capture the Header from a mail for my webmail using php
  and
  pop3.  The header is something like this:
  Content-Type: multipart/mixed;
   boundary=B42DA66C4EC07C9B572A58FC
 
  When I use preg_split(/[\d;]*/, $buffer), I get
  Content-Type: multipart/mixed;
 
  What I want is to return the whole line split by the ;.  I usually try
  to avoid regexp (too lazy) but now I want to use it.  The final result I
  would need is: B42DA66C4EC07C9B572A58FC so that I can search
  in the body of the message for the rest of the parts.
 
  Any pointers would be helpful.
 
  Adrian
 
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  To contact the list administrators, e-mail: [EMAIL PROTECTED]



 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Why doesn't this simple query work?

2001-07-25 Thread Lawrence . Sheed 

how about

$location = addslashes($location);
$query = select shoodID from shoots where location = '$location';

or

$query = select shoodID from shoots where location = '.
addslashes($location) .';


Both are \'clean\' :)
-Original Message-
From: Moriyoshi Koizumi [mailto:[EMAIL PROTECTED]]
Sent: July 26, 2001 4:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Why doesn't this simple query work?


IMHO

$query = SELECT shoodID FROM shoots WHERE location=\$location\;

and even

$query = SELECT shoodID FROM shoots WHERE location='$location';

sometimes cause SQL Syntax Error,
because the variable $location may contain quote characters (')()...

since i experienced the same thing i've been doing like this...
(the reason is just that i did with 2 byte japanese characters?)


$query = sprintf(
'SELECT shootID FROM shoots WHERE location=%s',
AddSlashes( $location )
);


going well, but is this code too ugry?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] how do you write queries in php codes? (was Re: [PHP] Why doesn't this simple query work?)

2001-07-25 Thread Moriyoshi Koizumi 

yes,
both of yours make the same result too, and are clean :-)

and i wonder what the best way is, to put queries into php code...

there's a more complicated sample,

$a=addslashes($a);
$b=addslashes($b);
$c=addslashes($c);
if( $another_table ) { $another_table=','.$another_table; }
$query = select abc,def,ghi
  from table1,table2 $another_table
  where abc='$a' and def='$b' and ghi='$c' ;


and i prefer because i often confuse php variables with columns


if( $another_table ) { $another_table=','.$another_table; }
$query = sprintf(
'select abc,def,ghi
 from table1,table2 %s
 where abc=%s and def=%s and ghi=%s',

 $another_table,
 addslashes($a), addslashes($b), addslashes($c)
);


but i think the latter loses some good php features...

then, does anyone have good idea?


[EMAIL PROTECTED] wrote:

 how about
 
 $location = addslashes($location);
 $query = select shoodID from shoots where location = '$location';
 
 or
 
 $query = select shoodID from shoots where location = '.
 addslashes($location) .';
 
 
 Both are \'clean\' :)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] how do you write queries in php codes? (was Re: [PHP] Why doesn't this simple query work?)

2001-07-25 Thread Lawrence . Sheed 

Its however you prefer it (or whatever is easier to type usually).
sprintf is usable, depends on if you have a c or perl background, and its
second nature.


For me, I use editplus on windows which gives color coding
(www.editplus.com), if I do

$query = select abc,def,ghi from table1,table2. $another_table . where
abc='. $a .';

I can immediately see the $another_table, and $a are variables.
Use a color coded editor - it makes life a lot easier.

Lawrence.

-Original Message-
From: Moriyoshi Koizumi [mailto:[EMAIL PROTECTED]]
Sent: July 26, 2001 10:28 AM
To: [EMAIL PROTECTED]
Subject: [PHP] how do you write queries in php codes? (was Re: [PHP] Why
doesn't this simple query work?)


yes,
both of yours make the same result too, and are clean :-)

and i wonder what the best way is, to put queries into php code...

there's a more complicated sample,

$a=addslashes($a);
$b=addslashes($b);
$c=addslashes($c);
if( $another_table ) { $another_table=','.$another_table; }
$query = select abc,def,ghi
  from table1,table2 $another_table
  where abc='$a' and def='$b' and ghi='$c' ;


and i prefer because i often confuse php variables with columns


if( $another_table ) { $another_table=','.$another_table; }
$query = sprintf(
'select abc,def,ghi
 from table1,table2 %s
 where abc=%s and def=%s and ghi=%s',

 $another_table,
 addslashes($a), addslashes($b), addslashes($c)
);


but i think the latter loses some good php features...

then, does anyone have good idea?


[EMAIL PROTECTED] wrote:

 how about
 
 $location = addslashes($location);
 $query = select shoodID from shoots where location = '$location';
 
 or
 
 $query = select shoodID from shoots where location = '.
 addslashes($location) .';
 
 
 Both are \'clean\' :)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]