  1. #1
    New Coder
    Join Date
    Sep 2012
    Posts
    99
    Thanks
    22
    Thanked 0 Times in 0 Posts

    Question What's wrong with this php statement?

    What's wrong with this php statement?

    Code:
    $sql="SELECT Title, Post, Date FROM entries WHERE Title LIKE '%" . $name . "%' OR Post LIKE '%" . $name ."%' OR Date LIKE '%" . $name ."%'LIMIT $startResults, $resultsPerPage";

  • #2
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Quote: Originally Posted by Thuita Maina
    What's wrong with this php statement?

    Code:
    $sql="SELECT Title, Post, Date FROM entries WHERE Title LIKE '%" . $name . "%' OR Post LIKE '%" . $name ."%' OR Date LIKE '%" . $name ."%'LIMIT $startResults, $resultsPerPage";
    Date is a reserved word or, at least, not recommended as an identifier in most database systems. Surround it with back-ticks ` or square brackets, depending on which database you are using.

    If Date is stored as some kind of date-value, rather than a string, then probably the format for it needs some work.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Syntactically it is not wrong. Date is a reserved word, but it is classified as the exceptional reserved words, so you don't actually *need* to back tick it. It would be wise to do so, and even wiser to simply not use date as a property. You're wildcarding the start of a string as well, so you won't be able to benefit from the use of an index.

    This also has nothing to do with PHP, and I'll assume mysql since you have a LIMIT there. Moving to mysql forum.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,563
    Thanks
    80
    Thanked 4,496 Times in 4,460 Posts
    FouLu is assuming, which Andrew is not, that the database in use here is MySQL.

    In some other database, DATE truly is reserved and cannot be used with the escaping that Andrew noted.

    I do have to wonder how useful it is to do WHERE ... DATE LIKE '%$name%'...

    What is the likelihood that a date will look anything at all like a name?

    OH! IT JUST OCCURRED TO ME!!! *IF* your MySQL is set to treat WARNINGS the same as ERRORS, then indeed that *COULD* cause an error! Because that code *FORCES* MySQL to convert the DATE field into a VARCHAR field (it can't use LIKE with a DATE field). Normally, that will just get you a warning, that most of us will ignore. But if you are operating in very strict mode, that warning could be treated as an error.

    You can, of course, then avoid the warning (and error if you are in strict mode) thusly:
    Code:
    WHERE ... CONVERT(`DATE`, CHAR) LIKE '%$name%' ...
    That is, you explicitly tell MySQL that you WANT to convert the date to a string and it is much happier.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.
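
The query discussed in this thread, written with the identifier quoting and explicit conversion suggested in posts #2 and #4, as an added example that is not code from any participant. It assumes MySQL accessed through PDO; the `searchEntries()` helper, the `!` escape character and the 100-row cap are choices made here, and the search term and paging values are bound as parameters rather than concatenated into the string.

```php
<?php
// Added example, not from the thread. Assumes MySQL via PDO; searchEntries(),
// the '!' escape character and the 100-row cap are illustrative choices.
function searchEntries(PDO $pdo, string $name, int $startResults, int $resultsPerPage): array
{
    // Native prepares let LIMIT take bound integers on MySQL.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Escape LIKE metacharacters so a "%" or "_" typed by the user matches
    // literally; '!' is replaced first so the escapes added after it survive.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $name);
    $pattern = '%' . $escaped . '%';

    // `Date` is back-ticked and explicitly converted before LIKE, as posts #2
    // and #4 suggest. The leading % still rules out index use (post #3).
    $sql = "SELECT Title, Post, `Date`
              FROM entries
             WHERE Title LIKE :p1 ESCAPE '!'
                OR Post LIKE :p2 ESCAPE '!'
                OR CONVERT(`Date`, CHAR) LIKE :p3 ESCAPE '!'
             LIMIT :offset, :count";

    $stmt = $pdo->prepare($sql);
    // Native prepares do not allow reusing one named placeholder, hence p1..p3.
    foreach ([':p1', ':p2', ':p3'] as $placeholder) {
        $stmt->bindValue($placeholder, $pattern, PDO::PARAM_STR);
    }
    // Paging values are clamped and bound as integers, never interpolated.
    $stmt->bindValue(':offset', max(0, $startResults), PDO::PARAM_INT);
    $stmt->bindValue(':count', max(1, min(100, $resultsPerPage)), PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage, with placeholder connection details:
// $pdo  = new PDO('mysql:host=localhost;dbname=blog;charset=utf8mb4', 'user', 'password');
// $rows = searchEntries($pdo, $_GET['name'] ?? '', 0, 10);
```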

  • #5
    New to the CF scene
    Join Date
    Aug 2012
    Location
    New Delhi
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello friends,
    These are:
    Code:
    $result = mysql_query("SELECT id FROM users where fbID=$userID");
    if (mysql_num_rows($result) > 0) {
        // Row exists: update it. The column is written as `updated` to match
        // the INSERT below, and the stray comma before WHERE is removed.
        mysql_query("UPDATE users
            SET firstName='$firstName'
            , lastName='$lastName'
            , facebookURL='$link'
            , birthday='$birthday'
            , updated='$today'
            , accessToken='$accessToken'
            , parentEmailOne='$parentEmailOne'
            WHERE fbID='$userID'");
    } else {
        // No row yet: insert one. $userID is used here as above, since PHP
        // variable names are case-sensitive.
        mysql_query("INSERT INTO users
            (fbID, firstName, lastName, facebookURL, birthday
            , updated, accessToken, parentEmailOne )
            VALUES ('$userID', '$firstName', '$lastName', '$link', '$birthday'
            , '$today', '$accessToken', '$parentEmailOne')");
    }

  • #6
    Junsee
    Guest
    Quote: Originally Posted by Thuita Maina
    What's wrong with this php statement?

    Code:
    $sql="SELECT Title, Post, Date FROM entries WHERE Title LIKE '%" . $name . "%' OR Post LIKE '%" . $name ."%' OR Date LIKE '%" . $name ."%'LIMIT $startResults, $resultsPerPage";
    oooohh this is like pin the tail on the donkey...
    erm no space before the LIMIT is my guess...

