jim.davidson
Posted August 5, 2009

    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by =%s", GetSQLValueString($_POST['user_id'], "int"));

Link to comment: https://forums.phpfreaks.com/topic/168957-solved-will-this-query-statement-work/

Maq
Posted August 5, 2009

Why don't you try it out first?

jim.davidson (Author)
Posted August 5, 2009

Ok I trued it

    $userid = 1;
    mysql_select_db($database_mine, $mine);
    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by =%s", GetSQLValueString($userid, "int"));
    $getCust = mysql_query($query_getCust, $mine) or die(mysql_error());
    $row_getCust = mysql_fetch_assoc($getCust);
    $totalRows_getCust = mysql_num_rows($getCust);
    echo $totalRows_getCust;

Here's the error I'm getting.

    Warning: sprintf() [function.sprintf]: Too few arguments in C:\Sites\shoppe\testsql.php on line 38
    Query was empty

jim.davidson (Author)
Posted August 5, 2009

Sorry, I meant to say tried, not trued. Also, this is line 38:

    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by = %s", GetSQLValueString($userid, "int"));

I think it has to do with GetSQLValueString($userid, "int"). I'm pretty sure I'm missing something here. Any help will be appreciated.

kickstart
Posted August 5, 2009

Hi

Don't normally use sprintf, but it appears you are using 2 parameters in the SQL but only passing one.

So this would work (although horrible and pointless):-

    $query_getCust = sprintf("SELECT * FROM customer WHERE updated_by = %s OR created_by = %s", GetSQLValueString($userid, "int"), GetSQLValueString($userid, "int"));

However not sure but think this would work and is better

    // Single-quoted format string, so PHP does not treat $s as a variable to interpolate
    $query_getCust = sprintf('SELECT * FROM customer WHERE updated_by = %1$s OR created_by = %1$s', GetSQLValueString($userid, "int"));

All the best

Keith

jim.davidson (Author)
Posted August 5, 2009

Ok I tried a different route,

    $userid = 1;
    $query_getCust = "SELECT * FROM customer WHERE updated_by = $userid OR created_by = $userid";
    // Execute the query, as in the earlier snippet
    $getCust = mysql_query($query_getCust, $mine) or die(mysql_error());
    $row_getCust = mysql_fetch_assoc($getCust);
    $totalRows_getCust = mysql_num_rows($getCust);
    echo $totalRows_getCust;

$totalRows_getCust equaled 4 and that's the correct total.

Am I asking for trouble going this way? I'm new to this and learning as I go.

kickstart
Posted August 6, 2009

Hi

It is the way I would do it. Just make sure that $userid is escaped properly to make sure it hasn't got any malicious code in it.

All the best

Keith

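Added example, not part of the thread and not any poster's code: one way to follow the advice in the last reply is to validate the id as an integer and bind it through a PDO prepared statement instead of building the SQL string with sprintf() or interpolation. It assumes the pdo_sqlite extension, uses an in-memory table with constructed rows standing in for the customer table, and findCustomersByUser is a hypothetical helper name.

```php
<?php
// Constructed sample data standing in for the thread's `customer` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, created_by INTEGER, updated_by INTEGER)');
$pdo->exec("INSERT INTO customer (name, created_by, updated_by) VALUES
    ('Acme', 1, 2), ('Bolt', 2, 1), ('Cask', 3, 3), ('Dune', 1, 1)");

/**
 * Hypothetical helper: returns customers created or updated by the given user.
 * $rawUserId is untrusted input, e.g. the value of $_POST['user_id'].
 */
function findCustomersByUser(PDO $pdo, $rawUserId): array
{
    // Reject anything that is not a positive whole number before it reaches the database.
    $userId = filter_var($rawUserId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }

    // Two placeholders need two bound values, just as the two %s in the
    // sprintf() version needed two arguments. The value is sent as data,
    // so it can never change the structure of the statement.
    $stmt = $pdo->prepare('SELECT * FROM customer WHERE updated_by = ? OR created_by = ?');
    $stmt->bindValue(1, $userId, PDO::PARAM_INT);
    $stmt->bindValue(2, $userId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Well-formed input: prints the number of matching rows.
echo count(findCustomersByUser($pdo, '1')), "\n";

// Constructed malformed input: validation fails and no query is run.
try {
    findCustomersByUser($pdo, '1 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The same prepare/bindValue/execute calls work against MySQL through PDO's mysql driver, which also replaces the mysql_* functions used in the thread (removed in PHP 7).
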
Archived
This topic is now archived and is closed to further replies.