mike12255 Posted March 24, 2009 Share Posted March 24, 2009 Im trying to query my database using the following code: <?php include ("connect.php"); $id = $_GET['id']; $id = mysql_real_escape_string($id); //$sql = "SELECT * FROM tbl_product WHERE pd_id = $'id'"; $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; $result = mysql_query ($sql) or die (mysql_error()); $row = mysql_fetch_row($result); extract($row); echo "<tr>"; echo "<td align = \"center\">"; echo "<a href = \"item.php?id=$pd_id\"><img src=\"$pd_path\" border=\"0\"><br>$pd_name</a>"; echo "</td>"; echo "</tr>"; for some reason i get the error in the title though Unknown column '38' in 'where clause' but when i manually enter the sql using 38 instead of id it works so im confused all i did was copy $sql delete the begining and change id to 38 and used it in php my admin with ease. Quote Link to comment Share on other sites More sharing options...
lonewolf217 Posted March 24, 2009 Share Posted March 24, 2009 what if you try <?php $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = {$id} "; ?> Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 24, 2009 Share Posted March 24, 2009 Hi I would just take the inverted commas away from around $id if it is a numeric field (they are not required for a numeric field) All the best Keith Quote Link to comment Share on other sites More sharing options...
mike12255 Posted March 24, 2009 Author Share Posted March 24, 2009 what if you try <?php $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = {$id} "; ?> still unknown column 38 in where clause Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted March 24, 2009 Share Posted March 24, 2009 Change $id = $_GET['id']; $id = mysql_real_escape_string($id); //$sql = "SELECT * FROM tbl_product WHERE pd_id = $'id'"; $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; to if(isset($_GET['id']) && !is_numeric($_GET['id'])) die('Forbidden'); $id = (int) $_GET['id']; $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = $id"; mysql_real_escape_string should only be used on strings, not numbers. Quote Link to comment Share on other sites More sharing options...
vplayas Posted March 24, 2009 Share Posted March 24, 2009 I believe the correct syntax for SQL is: $sql = "SELECT * FROM tbl_product WHERE pd_id = '".$id."'"; if Ppd_id is alpha or $sql = "SELECT * FROM tbl_product WHERE pd_id = ".$id; if Ppd_id is numeric Regards, Valentin Quote Link to comment Share on other sites More sharing options...
mike12255 Posted March 24, 2009 Author Share Posted March 24, 2009 ok didnt know about the escape_string and numbers. Well, neither of those worked srry Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 24, 2009 Share Posted March 24, 2009 The error you are posting cannot be caused by any of the queries that have been shown. I would suggest that the actual file that is being executed is different than the one you are showing or making changes to. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted March 24, 2009 Share Posted March 24, 2009 Change <?php $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; $result = mysql_query ($sql) or die (mysql_error()); ?> to <?php $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; $result = mysql_query ($sql) or die ("Problem with the query: $sql<br>" . mysql_error()); ?> This will show you what your query is. Please post that, since it might give a hint. Ken Quote Link to comment Share on other sites More sharing options...
mike12255 Posted March 24, 2009 Author Share Posted March 24, 2009 Change <?php $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; $result = mysql_query ($sql) or die (mysql_error()); ?> to <?php $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; $result = mysql_query ($sql) or die ("Problem with the query: $sql<br>" . mysql_error()); ?> This will show you what your query is. Please post that, since it might give a hint. Ken This is going to sound really messed up but i entered your code i know i uploaded the right file after saving i know im looking at the right file, and i still got the same error. Quote Link to comment Share on other sites More sharing options...
lonewolf217 Posted March 24, 2009 Share Posted March 24, 2009 it would seem you aren't on the page that you think you are on Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 24, 2009 Share Posted March 24, 2009 If the error did not also output the query string, then the file your form or link is requesting is not the same one that you are changing. Quote Link to comment Share on other sites More sharing options...
mike12255 Posted March 24, 2009 Author Share Posted March 24, 2009 no its this stupied ftp program shut down computer restarted opened it up reuploaded file and it worked - never use Core FTP Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 24, 2009 Share Posted March 24, 2009 Hi I use Coreftp all the time with no problems at all. All the best Keith Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.