danmo, posted September 14, 2012:

Hello, I'm not sure whether to put this in the PHP or MySQL section, but here goes. Here is my PHP code:

$queryUSR = "SELECT * FROM usr_permissions WHERE usr_id =".$_REQUEST['usr_id']."AND dept_id=".$_SESSION['SESS_CURLHD_ID'];

However, I always get the following error if I include the part from "AND dept_id..." on.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

The field names are all correct and the variable names as well. If I put in the select statement in MySQL workbench, it also produces the correct results. Thank you for your time.

beyzad, posted September 14, 2012:

Hi. Maybe you should add a space before AND? And hello? Where are your quotations?

Jessica, posted September 14, 2012:

Echo the entire query. Post the section of PHP code. Read this post: http://forums.phpfreaks.com/index.php?topic=365029.msg1730174#msg1730174

Barand, posted September 14, 2012:

If you are going to concatenate string values, don't forget to leave spaces. Or

$queryUSR = "SELECT * FROM usr_permissions WHERE usr_id = {$_REQUEST['usr_id']} AND dept_id = {$_SESSION['SESS_CURLHD_ID']}";

@beyzad And if those ids are numeric they don't need (and shouldn't have) quotes.

Jessica, posted September 14, 2012:

@Barand I think his user id var is empty too.

Christian F., posted September 15, 2012:

beyzad: You also need to read up on SQL injections, output escaping and input validation. Your script is wide open for anyone who'd like to attack it, and thus retrieve any information they like from the database.

Barand, posted September 15, 2012:

Pay attention, Christian! Danmo was the guy who posted the query.

Christian F., posted September 15, 2012:

Damnit! This laptop screen is too small. *Assumes the flogging position.*

beyzad, posted September 15, 2012:

Man, you made me scared.

Christian F., posted September 15, 2012:

Heh, sorry about that. Though, never hurts to read up on those subjects still: Always nice to keep current.

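
Added example, not part of any post in the thread: the query under discussion in its concatenated form beside a validated, parameterized form, showing how each handles a normal id, an empty id, and an id that carries SQL text. The table contents, the function names lookupConcatenated and lookupPrepared, and the use of in-memory SQLite through PDO (so it runs offline; the thread's database is MySQL) are assumptions.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
// The PDO calls are the same when the DSN points at MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usr_permissions (usr_id INTEGER, dept_id INTEGER, perm TEXT)');
$pdo->exec("INSERT INTO usr_permissions VALUES (1, 10, 'read'), (2, 10, 'write'), (3, 20, 'admin')");

// Stand-in for $_SESSION['SESS_CURLHD_ID'] (constructed value).
$deptId = 10;

// Concatenated form with the spacing fixed as suggested in the thread:
// whatever arrives in usr_id becomes part of the SQL text.
function lookupConcatenated(PDO $pdo, $usrId, $deptId): array
{
    $sql = "SELECT * FROM usr_permissions WHERE usr_id = {$usrId} AND dept_id = {$deptId}";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate that usr_id is an integer, then bind both values
// so they are sent as data and never parsed as SQL.
function lookupPrepared(PDO $pdo, $usrId, $deptId): array
{
    $usrId = filter_var($usrId, FILTER_VALIDATE_INT);
    if ($usrId === false) {
        throw new InvalidArgumentException('usr_id must be an integer');
    }
    $stmt = $pdo->prepare(
        'SELECT * FROM usr_permissions WHERE usr_id = :usr_id AND dept_id = :dept_id'
    );
    $stmt->bindValue(':usr_id', $usrId, PDO::PARAM_INT);
    $stmt->bindValue(':dept_id', (int) $deptId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_REQUEST['usr_id']: normal, empty, SQL text.
foreach (['1', '', '1 OR 1=1'] as $input) {
    foreach (['lookupConcatenated', 'lookupPrepared'] as $fn) {
        try {
            $result = count($fn($pdo, $input, $deptId)) . ' row(s)';
        } catch (Exception $e) {
            $result = get_class($e) . ': ' . $e->getMessage();
        }
        printf("%-20s usr_id=%-12s => %s\n", $fn, var_export($input, true), $result);
    }
}
```

The empty id reproduces the kind of syntax error from the first post in the concatenated form, while the prepared form rejects it before any SQL is sent; the third input changes which rows the concatenated query matches and is rejected by the validation step.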