Rick Dwyer wrote:
Hello all.

I inherited some PHP pages about a year ago. They have been fine all along but
now a bunch of erroneous errors and results are popping up. I traced it to the
way the variables were being used on the page... for example, the following SQL
statement (a space between ' and " for clarity):

sql="select name from mytable where name=$myvar and display='yes' ";

This has worked in the past but is now returning errors for some records and
working for others. I changed the above to the following and now all is good:

sql="select name from mytable where name=' ".$myvar." ' and display='yes' ";

What would explain why the former is suddenly causing problems? The version of
PHP is 5.2.3 and from what I can tell, hasn't been updated since February of 
2011.

I would have a closer look at what the contents of $myvar are when it's giving an error. I would suspect it might contain a " or a ' ? The first version is not taking care of any characters that may need escaping, so you may well have been lucky in the past?

sql="select name from mytable where name='$myvar' and display='yes' " is another option for a different 'result', but personally I prefer to pass variables like this as a parameter, so the query just has name=? and you pass the $myvar in an array of variables. This helps prevent suspect SQL getting into the query as well, not such a problem here, but sensible practice anyway.

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
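
The three forms discussed in this thread, run side by side as an added example (not code from either poster). It assumes PHP 7.4+ with the pdo_sqlite driver; the table and column names follow the post, while the sample rows and the `attempt()` helper are constructed for the demonstration.

```php
<?php
// Added example. In-memory SQLite stands in for the poster's database;
// the three rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mytable (name TEXT, display TEXT)");
$ins = $db->prepare("INSERT INTO mytable (name, display) VALUES (?, ?)");
$samples = ['1234', 'Widget', "O'Brien"];
foreach ($samples as $n) {
    $ins->execute([$n, 'yes']);
}

// Hypothetical helper: run one query variant, report matched names or the error.
function attempt(PDO $db, string $label, callable $run): string
{
    try {
        $rows = $run($db)->fetchAll(PDO::FETCH_COLUMN);
        return sprintf("  %-10s ok    %s", $label, json_encode($rows));
    } catch (PDOException $e) {
        return sprintf("  %-10s ERROR %s", $label, $e->getMessage());
    }
}

foreach ($samples as $myvar) {
    echo "myvar = $myvar\n";
    // 1. Original form: the value is pasted in with no quotes, so only
    //    values that happen to parse as SQL literals (numbers) work.
    echo attempt($db, 'unquoted', fn(PDO $db) => $db->query(
        "select name from mytable where name=$myvar and display='yes'")), "\n";
    // 2. Quoted interpolation: plain strings work, but a ' inside the
    //    value ends the SQL string early.
    echo attempt($db, 'quoted', fn(PDO $db) => $db->query(
        "select name from mytable where name='$myvar' and display='yes'")), "\n";
    // 3. Parameter: the value travels separately from the SQL text and
    //    is never parsed as SQL, whatever characters it contains.
    echo attempt($db, 'parameter', function (PDO $db) use ($myvar) {
        $st = $db->prepare(
            "select name from mytable where name=? and display='yes'");
        $st->execute([$myvar]);
        return $st;
    }), "\n";
}
```

Only the parameterised form returns a row for all three values, which matches the "errors for some records and working for others" symptom in the original question.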
