Re: [PHP] pass text variables to next page
Thank you Tamara. Not sure if I am doing it right. It looks like the last single quote is being escaped. When I dump the query I get: SELECT store_id, store_subject FROM stores WHERE store_subject = 'Bella Roe 4980 Roe Blvd\' I am thinking maybe I have too many single quotes some where, but I can't find it. echo 'h4a href=store.php?id=' . $storerow['store_subject'] . '' . $storerow['store_subject'] . '/a/h4 at ' . date('m-d-Y', strtotime($storerow['store_date'])); The query: $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = ' . mysql_real_escape_string($_GET['id'].'); Thank you, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] pass text variables to next page
Date: Tue, 9 Aug 2011 07:30:47 -0500 From: chrisstinem...@gmail.com To: tamouse.li...@gmail.com CC: php-general@lists.php.net Subject: Re: [PHP] pass text variables to next page Thank you Tamara. Not sure if I am doing it right. It looks like the last single quote is being escaped. [SNIP] The query: $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = ' . mysql_real_escape_string($_GET['id'].'); Thank you, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php The problem is with the mysql_real_escape_string closing parenthesis position, instead of ($_GET['id'].'); it should be ($_GET['id']).'; HTH, Jasper
Re: [PHP] pass text variables to next page
On Aug 9, 2011, at 7:42 AM, Jasper Mulder wrote: Date: Tue, 9 Aug 2011 07:30:47 -0500 From: chrisstinem...@gmail.com To: tamouse.li...@gmail.com CC: php-general@lists.php.net Subject: Re: [PHP] pass text variables to next page Thank you Tamara. Not sure if I am doing it right. It looks like the last single quote is being escaped. [SNIP] The query: $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = ' . mysql_real_escape_string($_GET['id'].'); Thank you, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php The problem is with the mysql_real_escape_string closing parenthesis position, instead of ($_GET['id'].'); it should be ($_GET['id']).'; Yup, my fault, I put it inside the closing paren to mysql_real_escape_string. it should be outside.
Re: Re: [PHP] pass text variables to next page
On 09 Aug 2011 at 13:30, Chris Stinemetz chrisstinem...@gmail.com wrote: Not sure if I am doing it right. It looks like the last single quote is being escaped. When I dump the query I get: SELECT store_id, store_subject FROM stores WHERE store_subject = 'Bella Roe 4980 Roe Blvd\' I am thinking maybe I have too many single quotes some where, but I can't find it. echo 'h4a href=store.php?id=' . $storerow['store_subject'] . '' .. $storerow['store_subject'] . '/a/h4 at ' . date('m-d-Y', strtotime($storerow['store_date'])); The query: $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = ' . mysql_real_escape_string($_GET['id'].'); Why don't you: 1) Make this a single line instead of splitting it over three. No need to do that. 2) Having created $sql, echo it out. That way you could see whether it's correct or not. Doing (1) and (2) will make it a damn sight easier to see what you are *actually* creating. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] pass text variables to next page
On 9 August 2011 16:31, Tim Streater t...@clothears.org.uk wrote: On 09 Aug 2011 at 13:30, Chris Stinemetz chrisstinem...@gmail.com wrote: Not sure if I am doing it right. It looks like the last single quote is being escaped. When I dump the query I get: SELECT store_id, store_subject FROM stores WHERE store_subject = 'Bella Roe 4980 Roe Blvd\' I am thinking maybe I have too many single quotes some where, but I can't find it. echo 'h4a href=store.php?id=' . $storerow['store_subject'] . '' .. $storerow['store_subject'] . '/a/h4 at ' . date('m-d-Y', strtotime($storerow['store_date'])); The query: $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = ' . mysql_real_escape_string($_GET['id'].'); Why don't you: 1) Make this a single line instead of splitting it over three. No need to do that. 2) Having created $sql, echo it out. That way you could see whether it's correct or not. Doing (1) and (2) will make it a damn sight easier to see what you are *actually* creating. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php A single line of SQL is what things start out as. But it is a language just like any other and as such, indenting has proven advantages. -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] pass text variables to next page
I am trying to pass text strings from on page to a next to populate the queries on the passed to page. The only way I can get the query to work is if I am able to put single ticks around the string to make it literal, but I can't seem to figure out how to do it for the following line of code. echo 'h3a href=store.php?id=' . $row['store_name'] . '' . $row['store_name'] . '/abr /h3' . $row['store_type']; When i do a dump the query and print(pre.print_r($_GET,true)./pre); I get the following respectively: SELECT store_id, store_subject FROM stores WHERE store_subject = Loma Vista 8712 Blue Ridge BlvdThe topic could not be displayed, please try again later.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Vista 8712 Blue Ridge Blvd' at line 3 The PHP code for the query is: Array ( [id] = Loma Vista 8712 Blue Ridge Blvd ) $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = . mysql_real_escape_string($_GET['id']); The query works fine When I run the command in console and place '' around Loma Vista 8712 Blue Ridge Blvd Thank you, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] pass text variables to next page
On Aug 8, 2011, at 11:58 PM, Chris Stinemetz wrote: I am trying to pass text strings from on page to a next to populate the queries on the passed to page. The only way I can get the query to work is if I am able to put single ticks around the string to make it literal, but I can't seem to figure out how to do it for the following line of code. echo 'h3a href=store.php?id=' . $row['store_name'] . '' . $row['store_name'] . '/abr /h3' . $row['store_type']; When i do a dump the query and print(pre.print_r($_GET,true)./pre); I get the following respectively: SELECT store_id, store_subject FROM stores WHERE store_subject = Loma Vista 8712 Blue Ridge BlvdThe topic could not be displayed, please try again later.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Vista 8712 Blue Ridge Blvd' at line 3 The PHP code for the query is: Array ( [id] = Loma Vista 8712 Blue Ridge Blvd ) $sql = SELECT store_id, store_subject FROM stores WHERE store_subject = . mysql_real_escape_string($_GET['id']); Here, you need to insert single quotes around the search value in the WHERE cause: WHERE store_subject = '.mysql_real_escape_string($_GET['id'].'); If that's hard to read like it is on my mailer, it's: SINGLEQUOTE DOUBLEQUOTE PERIOD mysql_escape_string ($_GET['id']]PERIODDOUBLEQUOTESINGLEQUOTEDOUBLEQUOTE This then surrounds the data in the search string with single quotes for the SQL query. The query works fine When I run the command in console and place '' around Loma Vista 8712 Blue Ridge Blvd Thank you, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php