Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Aug 2006
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Query Issue: Letters in field result in Error

    Hello, I have a MYSQL problem I can't seem to figure out. It seems like something simple but alas I can not find the error.

    I have a link which opens a new browser window. The link itself looks like this;

    Code:
    <a href=\"JavaScript:goVisitSite('http://www.website.com/view_product.php?iid=$row[0]')\">View Product Page</a>
    $row[0] being the item's ID.

    The page it opens has this query;

    Code:
    $query = ("SELECT * FROM product WHERE product.id = {$_GET['iid']}");
    		$result = @mysql_query ($query);
    		$row = @mysql_fetch_array ($result,MYSQL_BOTH);
    This code works fine for items with numerical values (123456) but does not load data for items with letters in the ID (E12345).

    If anyone can help me I would appreciate it very much.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    You would be getting helpful warning messages pointing you in the direction of the problem, but for some reason you are suppressing messages with your use of the "@" sign on your mysql_query() function and mysql_fetch_array() function. I can understand suppressing warnings in a production environment, but when you're trying to troubleshoot I can't imagine why you'd be using them.

    Another critical bit of error handling you're missing is checking to see if the call to mysql_query() returns true or false.
    PHP Code:
    $result mysql_query ($query);
    if (!
    $result) {
        
    //do appropriate error handling here, such as display the $query variable, display mysql_error(), write to log, etc
    } else {
        
    $row mysql_fetch_array($result);

    To address your specific problem, any strings you inject into SQL syntax must be enclosed by quotes. Integers/floats don't need quotes; this is why numeric values worked for you and alphanumeric values didn't.

    PHP Code:
    $query = ("SELECT * FROM product WHERE product.id = '{$_GET['iid']}'"); 
    Last edited by Fumigator; 08-22-2006 at 05:49 AM.

  • #3
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I wouldn't worry about suppressing those too much, especially in this case -- they're only helpful if your function fails on the php side, not if your query fails on the MySQL side. To get those errors, you need to use PHP's mysql_error() function.

  • #4
    Super Moderator guelphdad's Avatar
    Join Date
    Mar 2006
    Location
    St. Catharines, Ontario Canada
    Posts
    2,634
    Thanks
    4
    Thanked 148 Times in 139 Posts
    What is your column type? Is it char/varchar? if it isn't one of those two then the error would be because you are trying to insert a string into a numeric column.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •