help with query

cybershot
Forum Commoner
Posts: 29
Joined: Thu Jul 24, 2008 12:06 pm

help with query

Post by cybershot »

I have this function that I am working on

Code:

function get_subject_by_id($subject_id){
	global $connection;
	$query = "SELECT * FROM subjects WHERE id = " . $subject_id;
	$result_set = mysql_query($query, $connection);
	confirmQuery($result_set);
	//if no rows are returned, fetch array will return false.
	if($subject = mysql_fetch_array($result_set)){
		return $subject;
	} else {
		return null;	
	}
}
In the query, it won't work. I keep getting this error:
database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

So I was playing with the query trying to figure out what is wrong and I can't figure it out. Finally I deleted some stuff and tried
SELECT * FROM subjects;

That worked, so then I changed it back to
SELECT * FROM subjects WHERE id=" . $subject_id;

and it worked. The page loaded, but then I changed it to this

SELECT * FROM subjects WHERE id=" . $subject_id . " LIMIT 1";

and it failed again. When I changed it back it failed again. Now it won't work. There is something screwy going on. Do you see a problem in the function?
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: help with query

Post by Darhazer »

Sanitize your input!
If subject_id is integer, cast it to integer!

Code:

$query = "SELECT * FROM subjects WHERE id = " . (int) $subject_id;
Additionally, since you've modified the query, please post the current code, so we can see the actual query that is failing.

What does confirmQuery do?
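Added example, not part of the thread and not either poster's code: it prints the query text that concatenation produces for a valid, an empty and a non-numeric id (an empty value leaves the statement ending at "id = ", which MySQL rejects as a syntax error near ''), with and without the (int) cast suggested above, and then runs a validated, parameterized lookup. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the code runs offline, and the menu_name column, the sample rows and the function names build_query_concat and get_subject_by_id_safe are hypothetical.

```php
<?php
// Added example: not code from the thread. PDO + in-memory SQLite is an
// assumption so this runs offline; the thread's code uses mysql_* on MySQL.

// Constructed sample data standing in for the poster's `subjects` table.
// The menu_name column is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subjects (id INTEGER PRIMARY KEY, menu_name TEXT)');
$db->exec("INSERT INTO subjects (menu_name) VALUES ('About'), ('Products')");

// Returns the query text that string concatenation would send,
// with or without the (int) cast.
function build_query_concat($subject_id, bool $cast): string {
    return 'SELECT * FROM subjects WHERE id = '
         . ($cast ? (int) $subject_id : $subject_id);
}

// Hypothetical replacement for get_subject_by_id(): validate, then bind.
function get_subject_by_id_safe(PDO $db, $subject_id): ?array {
    // Accept only whole positive numbers; '', null and '2abc' are rejected.
    $id = filter_var($subject_id, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed input never reaches the database
    }
    // The value travels as a bound integer, never as part of the SQL text.
    $stmt = $db->prepare('SELECT * FROM subjects WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, an empty value, and a non-numeric value.
foreach (['2', '', '2abc'] as $input) {
    echo 'input: ' . var_export($input, true) . PHP_EOL;
    echo '  raw:  ' . build_query_concat($input, false) . PHP_EOL;
    echo '  cast: ' . build_query_concat($input, true) . PHP_EOL;
    $row = get_subject_by_id_safe($db, $input);
    echo '  safe: ' . ($row ? $row['menu_name'] : 'null') . PHP_EOL;
}
```

The cast alone silently turns '' into 0 and '2abc' into 2, so the query becomes valid but may not be the lookup the caller intended; the validation step reports that case as null instead.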