Jump to content


Photo

Problem with sql query


  • Please log in to reply
3 replies to this topic

#1 jeva39

jeva39
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 04 September 2006 - 01:03 AM

Please what is the correct syntax for include a variable in a sql query like this:

$tipo=_GET['clas']

$sql = 'select id,clase,tema,ritmo,autor,arreglo,fecha,kar,nuevo,archivo from temas where CLASE like I NEED INCLUDE $tipo HERE order by ' . $sort;

Thanks in advanced....

#2 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 04 September 2006 - 01:14 AM

$tipo= $_GET['clas'];
$sql = "select id,clase,tema,ritmo,autor,arreglo,fecha,kar,nuevo,archivo from temas where CLASE like '" . $tipo . "' HERE order by " . $sort;

you may want to use '%" . $tipo . "%'

I still concatenate vars in a double quoted string so that I can see them a little easier in my chosen editor you don't have to for it to work but its just a habit (i think a good one) of mine

follow me on twitter @PHPsycho

#3 Jenk

Jenk
  • Members
  • PipPipPip
  • Advanced Member
  • 778 posts

Posted 04 September 2006 - 01:15 AM

sanitise user input.

#4 jeva39

jeva39
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 04 September 2006 - 05:37 AM

Thanks very much ToonMariner! All working fine  :) My problem is that I work many time with ASP and ASP.NET and I still confused with the PHP syntax. Really, thanks..

Jorge, Panamá




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users