bgyuk Posted April 20, 2012 Share Posted April 20, 2012 Hi all i have a silly noob question.... When i directly query my database with the following i get the exact result i want....... SELECT * FROM posts WHERE postTopic=3 AND postSubject=business; However when i try this using the following PHP....... $sql = "SELECT * FROM posts WHERE postTopic =" . mysql_real_escape_string($_GET['id']) . "AND postSubject='" . $_SESSION[forum] . "'"; I get no result I also get the correct results from $sql = "SELECT * FROM posts WHERE postTopic =" . mysql_real_escape_string($_GET['id']) . "; and $sql = "SELECT * FROM posts WHERE postSubject='" . $_SESSION[forum] . "'"; mysql_real_escape_string($_GET['id']) is an integer and $_SESSION[forum] is a string. I know this has something to do with the manner in which the query is passed with the AND and the string but i can't for the life of my work out where i am going wrong. Thanks for any help. Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/ Share on other sites More sharing options...
KevinM1 Posted April 20, 2012 Share Posted April 20, 2012 $_SESSION['forum'] Note the quotes. Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/#findComment-1338945 Share on other sites More sharing options...
bgyuk Posted April 20, 2012 Author Share Posted April 20, 2012 $_SESSION['forum'] Note the quotes. Tried it and no joy. However it would not make sense to me if it did work as $_SESSION[forum] is the actual string value. also $sql = "SELECT * FROM posts WHERE postSubject='" . $_SESSION[forum] . "'"; works perfectly Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/#findComment-1338946 Share on other sites More sharing options...
bgyuk Posted April 20, 2012 Author Share Posted April 20, 2012 On second thoughts i think that part of the code is fine. Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/#findComment-1338948 Share on other sites More sharing options...
KevinM1 Posted April 20, 2012 Share Posted April 20, 2012 In PHP, strings are denoted with quotes. Unquoted entries are treated as constants. Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/#findComment-1338949 Share on other sites More sharing options...
l0gic Posted April 20, 2012 Share Posted April 20, 2012 I may be wrong but shouldn't you be getting a parse error with: $sql = "SELECT * FROM posts WHERE postTopic =" . mysql_real_escape_string($_GET['id']) . "; ..due the the last double quote 'opening' but not being 'closed'? I'd imagine $sql = "SELECT * FROM posts WHERE postTopic =" . mysql_real_escape_string($_GET['id']); ..would suffice? Either way.. Do you actually need the 'AND' in the query, I can't see all your code but it seems redundant. Edit: Fixed typo. Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/#findComment-1338965 Share on other sites More sharing options...
creata.physics Posted April 20, 2012 Share Posted April 20, 2012 Shouldn't we always have single quotes wrapped around the value even if it is an integer? I'd have it: $sql = "SELECT * FROM posts WHERE postTopic ='" . mysql_real_escape_string($_GET['id']) . "'"; Btw I know that wasn't releated to the actual issue, just thought I'd ask/mention it. Link to comment https://forums.phpfreaks.com/topic/261285-noob-question/#findComment-1338967 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.