The following code keeps giving me the error for unknown column in where clause. The problem is that it's not a column at all, it's an array. Can't figure out why it's giving me that error. I think I may not be using the array properly, just not sure how to fix it. Here is the problem query.
$lk_for = array(" ".$_GET['lf2']." ".$_GET['lf3']." ".$_GET['lf4']." ".$_GET['lf5']." ".$_GET['lf6']." ".$_GET['lf7']." ".$_GET['lf8']."");
$looking_for = implode(",", $lk_for);
$pag="SELECT u.*, up.* FROM users AS u INNER JOIN user_profile AS up ON u.id = up.user_id WHERE u.zip IN ({$zcodes}) AND u.gender='$gender' AND u.age BETWEEN '$min_age' and '$max_age' AND up.lf1 OR up.lf2 OR up.lf3 OR up.lf4 OR up.lf5 OR up.lf6 OR up.lf7 IN ({$looking_for})";
How do you mean it's missing the quotes in the query? Do you mean it should look like ('$looking_for')? If so, it gives me the same error.
I'm pretty bad about not escaping my input all of the time. I assumed that if the user had no control over the input that there was no real need to. For example, choosing items from a drop down menu.
The error is "Unknown column 'example' in where clause". I'm thinking it's a problem with the array because if I load more than one value into the array I get a syntax error. If the array is holding 'example1' and 'example2' it will say the syntax error is near 'example2'.
Unless they alter the URL and resubmit the page I would think the only place user input could come from is the form I'm sending it from.
Probably because you need quotes - it's being interpreted as a table name.
And what's to stop the user using JavaScript to make it into a text input? Or rewriting the page? Or even writing a program to submit its own HTTP request to your process page?
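An added example, not code from any poster in this thread: one way to build the query above with bound parameters, so the `IN (...)` values are passed as data rather than read as column names, and values that are not on the menu are rejected server-side. It runs against an in-memory SQLite database through PDO; the two-column `user_profile` schema, the sample rows, the `LF_ALLOWED` list and the helper names are assumptions made for the illustration, as is the reading that each `lf` column is meant to be tested against the list.

```php
<?php
// Added example: schema, rows and allow-list below are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, zip TEXT, gender TEXT, age INTEGER)");
$pdo->exec("CREATE TABLE user_profile (user_id INTEGER, lf1 TEXT, lf2 TEXT)");
$pdo->exec("INSERT INTO users VALUES (1,'90210','f',30), (2,'90210','f',45), (3,'10001','f',31)");
$pdo->exec("INSERT INTO user_profile VALUES (1,'friendship','dating'), (2,'chat',''), (3,'dating','')");

const LF_ALLOWED = ['friendship', 'dating', 'chat'];   // hypothetical menu options

// Keep only string request values that are on the allow-list.
function pick_allowed(array $request, array $keys): array {
    $out = [];
    foreach ($keys as $k) {
        $v = $request[$k] ?? null;
        if (is_string($v) && in_array($v, LF_ALLOWED, true)) {
            $out[] = $v;
        }
    }
    return array_values(array_unique($out));
}

// One "?" per value, so each item is bound as data instead of spliced into the SQL.
function placeholders(int $n): string {
    return implode(',', array_fill(0, $n, '?'));
}

function find_matches(PDO $pdo, array $zips, string $gender, int $min, int $max, array $lf): array {
    if ($zips === [] || $lf === []) {
        return [];                      // "IN ()" is a syntax error, so stop early
    }
    $cols = ['up.lf1', 'up.lf2'];       // fixed in code, never taken from the request
    // Every column gets its own IN (...): "up.lf1 OR up.lf2 IN (...)" does not distribute.
    $lfSql = implode(' OR ', array_map(fn($c) => "$c IN (" . placeholders(count($lf)) . ")", $cols));
    $sql = "SELECT u.id FROM users AS u
            INNER JOIN user_profile AS up ON u.id = up.user_id
            WHERE u.zip IN (" . placeholders(count($zips)) . ")
              AND u.gender = ? AND u.age BETWEEN ? AND ?
              AND ($lfSql)";
    $params = array_merge($zips, [$gender, $min, $max], ...array_fill(0, count($cols), $lf));
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request: one menu value plus one value the menu never offered (dropped).
$request = ['lf2' => 'dating', 'lf3' => 'not-a-menu-option'];
$lf = pick_allowed($request, ['lf2', 'lf3', 'lf4', 'lf5', 'lf6', 'lf7', 'lf8']);
print_r(find_matches($pdo, ['90210'], 'f', 18, 40, $lf));
```

The same placeholder construction works with a MySQL PDO connection; only the DSN in the first line changes.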