jim.davidson, posted August 5, 2009

    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by =%s", GetSQLValueString($_POST['user_id'], "int"));

Topic: https://forums.phpfreaks.com/topic/168957-solved-will-this-query-statement-work/

Maq, posted August 5, 2009

Why don't you try it out first?

jim.davidson, posted August 5, 2009

Ok I trued it

    $userid = 1;
    mysql_select_db($database_mine, $mine);
    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by =%s", GetSQLValueString($userid, "int"));
    $getCust = mysql_query($query_getCust, $mine) or die(mysql_error());
    $row_getCust = mysql_fetch_assoc($getCust);
    $totalRows_getCust = mysql_num_rows($getCust);
    echo $totalRows_getCust;

Here's the error I'm getting.

    Warning: sprintf() [function.sprintf]: Too few arguments in C:\Sites\shoppe\testsql.php on line 38
    Query was empty

jim.davidson, posted August 5, 2009

Sorry, I meant to say tried, not trued. Also, this is line 38:

    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by = %s", GetSQLValueString($userid, "int"));

I think it has to do with GetSQLValueString($userid, "int"); I'm pretty sure I'm missing something here. Any help will be appreciated.

kickstart, posted August 5, 2009

Hi

Don't normally use sprintf, but it appears you are using 2 parameters in the SQL but only passing one. So this would work (although horrible and pointless):-

    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by = %s", GetSQLValueString($userid, "int"), GetSQLValueString($userid, "int"));

However, not sure, but think this would work and is better:

    // \$ stops PHP from interpolating $s inside the double-quoted string
    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %1\$s OR created_by = %1\$s", GetSQLValueString($userid, "int"));

All the best

Keith

jim.davidson, posted August 5, 2009

Ok, I tried a different route:

    $userid = 1;
    $query_getCust = "SELECT * FROM customer WHERE updated_by = $userid OR created_by = $userid";
    // run the query (same call as in the earlier snippet)
    $getCust = mysql_query($query_getCust, $mine) or die(mysql_error());
    $row_getCust = mysql_fetch_assoc($getCust);
    $totalRows_getCust = mysql_num_rows($getCust);
    echo $totalRows_getCust;

$totalRows_getCust equaled 4 and that's the correct total.

Am I asking for trouble going this way? I'm new to this and learning as I go.

kickstart, posted August 6, 2009

Hi

It is the way I would do it. Just make sure that $userid is escaped properly to make sure it hasn't got any malicious code in it.

All the best

Keith

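An added example, not part of the thread or any poster's code: one way to handle the validation and escaping discussed above, using PDO prepared statements (the mysql_* functions used in the thread were removed in PHP 7). The in-memory SQLite table, its sample rows, and the helper names makeSampleDb and getCustomersByUser are assumptions made for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database so this runs offline.
// Columns other than updated_by/created_by are assumptions for the example.
function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT,
               created_by INTEGER, updated_by INTEGER)');
    $db->exec("INSERT INTO customer (name, created_by, updated_by) VALUES
               ('Acme', 1, 2), ('Bolt', 2, 1), ('Cask', 1, 1), ('Dune', 3, 3)");
    return $db;
}

// Hypothetical helper: customers created or updated by one user.
function getCustomersByUser(PDO $db, $rawUserId): array
{
    // Reject anything that is not a positive integer before it reaches SQL.
    $userId = filter_var($rawUserId, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    // Two placeholders, two bound values (the sprintf mistake in the thread
    // was two %s with one argument). The value travels as data and is never
    // spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT * FROM customer WHERE updated_by = ? OR created_by = ?'
    );
    $stmt->execute([$userId, $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeSampleDb();
echo count(getCustomersByUser($db, '1')), " rows for user 1\n";

// Non-integer input, as could arrive in $_POST['user_id'], is refused
// before any query is built.
foreach (['1 OR 1=1', '', 'abc', '-5'] as $bad) {
    try {
        getCustomersByUser($db, $bad);
        echo 'accepted: ' . var_export($bad, true) . "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . var_export($bad, true) . "\n";
    }
}
```

Positional placeholders are used twice rather than one reused named placeholder because some PDO drivers refuse a repeated named parameter when native prepares are enabled.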