Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.
Moderator: General Moderators
ssand
Forum Commoner
Posts: 72 Joined: Sat Jun 22, 2002 9:25 pm
Location: Iowa
Post
by ssand » Mon Oct 08, 2007 2:32 pm
I have the following snipit for a query.
Code: Select all
WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?
Thanks
s.dot
Tranquility In Moderation
Posts: 5001 Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana
Post
by s.dot » Mon Oct 08, 2007 2:37 pm
ssand wrote: I have the following snipit for a query.
Code: Select all
WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?
Thanks
Concatenate.
Code: Select all
mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '" . $_GET['inv'] . "'");
Code: Select all
mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '{$_GET['inv']}'");
And, you should use some protection on your variables. Look into
mysql_real_escape_string() , at least. And, I'm completely assuming you're using MySQL as your dbms.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
ev0l
Forum Commoner
Posts: 56 Joined: Thu Jun 21, 2007 1:50 pm
Post
by ev0l » Mon Oct 08, 2007 2:49 pm
scottayy wrote: I'm completely assuming you're using MySQL as your dbms.
He must be, the ` character is non-standard SQL only supported by MySQL .
ssand
Forum Commoner
Posts: 72 Joined: Sat Jun 22, 2002 9:25 pm
Location: Iowa
Post
by ssand » Mon Oct 08, 2007 3:03 pm
Thanks for the fast replies.
-