help with query

Posted: Mon Nov 29, 2010 1:24 pm
by cybershot
I have this function that I am working on.

Code:

function get_subject_by_id($subject_id){
	global $connection;
	$query = "SELECT * FROM subjects WHERE id = " . $subject_id;
	$result_set = mysql_query($query, $connection);
	confirmQuery($result_set);
	//if no rows are returned, fetch array will return false.
	if($subject = mysql_fetch_array($result_set)){
		return $subject;
	} else {
		return null;	
	}
}
In the query, it won't work. I keep getting this error:
database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

So I was playing with the query trying to figure out what is wrong and I can't figure it out. Finally I deleted some stuff and tried
SELECT * FROM subjects;

That worked, so then I changed it back to
SELECT * FROM subjects WHERE id=" . $subject_id;

and it worked. The page loaded, but then I changed it to this

SELECT * FROM subjects WHERE id=" . $subject_id . " LIMIT 1";

and it failed again. When I changed it back it failed again. Now it won't work. There is something screwy going on. Do you see a problem in the function?

Re: help with query

Posted: Mon Nov 29, 2010 1:50 pm
by Darhazer
Sanitize your input!
If subject_id is integer, cast it to integer!

Code:

$query = "SELECT * FROM subjects WHERE id = " . (int) $subject_id;
Additionally, since you've modified the query, please post the current code, so we can see the actual query that is failing.

What does confirmQuery do?
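
Added example, not code from either poster: it prints what the concatenated query and the (int)-cast query look like for several inputs, next to a version of get_subject_by_id that validates the id and binds it as a parameter. It assumes the failure comes from $subject_id arriving empty or non-numeric; PDO with an in-memory SQLite table stands in for the thread's MySQL connection, and the menu_name column and the sample inputs are constructed.

```php
<?php
// Added example. PDO + in-memory SQLite replace the thread's mysql_* calls
// so the script runs offline; the menu_name column is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subjects (id INTEGER PRIMARY KEY, menu_name TEXT)');
$pdo->exec("INSERT INTO subjects (id, menu_name) VALUES (1, 'About'), (2, 'Products')");

function get_subject_by_id(PDO $pdo, $subject_id): ?array
{
    // Accept only a whole positive integer; '', null, 'abc' and '2abc' all fail here.
    $id = filter_var($subject_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id travels as a bound parameter, so it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM subjects WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: two valid ids, then an empty, a missing and two non-numeric values.
$samples = ['1', 2, '', null, 'abc', '2abc'];
foreach ($samples as $input) {
    // What the original string concatenation sends to the server.
    $concatenated = 'SELECT * FROM subjects WHERE id = ' . $input;
    // What the (int) cast sends: always syntactically valid, but '' becomes 0
    // and '2abc' silently becomes 2.
    $cast = 'SELECT * FROM subjects WHERE id = ' . (int) $input;
    $row = get_subject_by_id($pdo, $input);
    printf(
        "input=%s\n  concatenated: %s\n  with (int):   %s\n  validated:    %s\n",
        var_export($input, true),
        $concatenated,
        $cast,
        $row === null ? 'null' : $row['menu_name']
    );
}
```

For the empty and null inputs the concatenated query ends right after "id = ", which is the shape of statement that produces a syntax error "near ''".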