megz90 Posted April 27, 2008 Share Posted April 27, 2008 echo $hid; echo "<br />"; $queryowner = "SELECT dbOwnerId from xhorse where dbhorseid='$hid' AS oid"; $exec = mysql_query($queryowner) or die(mysql_error()); $oid = mysql_result($exec,'oid'); echo $oid; hi, could someone please have a look at this, i cant quite figure out what is wrong $oid will be a username letters/numbers mix error shows as 4 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS oid' at line 1 im trying to find out the username from the table xhorse where the horseid is the same as the _post value ive assigned to $hid the reason is so i can then use $oid to query another table called xowner to find balance and assign that result to $bal thanks for any advice... Link to comment https://forums.phpfreaks.com/topic/103128-exec-how-to-create-variable/ Share on other sites More sharing options...
Lumio Posted April 27, 2008 Share Posted April 27, 2008 What do you want to reach with AS oid? That's not a valid query Also your code is full with chances for SQL-Injections better to do it like that: <?php $hid = $_POST['idORsomething']; $hid = intval($hid); if ($hid == 0) die('???'); $queryowner = "SELECT dbOwnerId FROM xhorse WHERE dbhorseid=$hid LIMIT 1"; $result = mysql_query($queryowner) or die(mysql_error()); $row = mysql_fetch_assoc($result); print_r($row); ?> Link to comment https://forums.phpfreaks.com/topic/103128-exec-how-to-create-variable/#findComment-528232 Share on other sites More sharing options...
megz90 Posted April 27, 2008 Author Share Posted April 27, 2008 thanks, i had the $_post ... at the top of my code. i should of showed the full page. thanks for the help if ($hid == 0) die('No horse Selected'); $queryowner = "SELECT dbOwnerId FROM xhorse WHERE dbhorseid=$hid LIMIT 1"; $result = mysql_query($queryowner) or die(mysql_error()); $row = mysql_fetch_assoc($result); $oid="{$row['dbOwnerId']}"; echo $oid; the code you provided ive changed and it looks like this now. i can now use $oid to do something else before it adds the values in the database cheers Link to comment https://forums.phpfreaks.com/topic/103128-exec-how-to-create-variable/#findComment-528237 Share on other sites More sharing options...
Lumio Posted April 27, 2008 Share Posted April 27, 2008 Why are you putting the variable in quotes? Better directly: $oid=$row['dbOwnerId']; Link to comment https://forums.phpfreaks.com/topic/103128-exec-how-to-create-variable/#findComment-528239 Share on other sites More sharing options...
megz90 Posted April 27, 2008 Author Share Posted April 27, 2008 oh cool that worked just aswell. i didnt know any other way of doing it. ive always put them on in other areas of my code. and about the injection i know the problems. but i didnt find out about sql injection until about a month ago and by that time it was too late to change all of my code. ive added the (stripslashes($_post...... to a couple of my forms to show i know about the problem but wont have the time to add it to all. i need to work on my report now , this is to be handed in on Wednesday/Thursday thanks for your help Link to comment https://forums.phpfreaks.com/topic/103128-exec-how-to-create-variable/#findComment-528241 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.