Jump to content

Failed Query

dodgeitorelse3

By dodgeitorelse3
in PHP Coding Help

 Share

Recommended Posts

dodgeitorelse3 Advanced Member

dodgeitorelse3

Posted
Posted (edited)

ok so I am trying to learn to use $_POST. I have written a query with a where clause is using the $_POST but I keep getting query failed. I know the $_POST works as I can echo the value. Can anyone spot my error?

 

$result = mysql_query("select * from lgsl where `comment'= ".$POST['comment']."")
or die('Error, query failed');

Edited by dodgeitorelse3
Link to comment
https://forums.phpfreaks.com/topic/270866-failed-query/
Share on other sites
Andy123 Newbie

Andy123

Posted
Posted (edited) 

$result = mysql_query("select * from lgsl where comment = '" . $_POST['comment'] . "'") or die(mysql_error());

 

I removed the quotes around the "comment" column name because they are not necessary - and one of them was of the wrong type. I also added quotes around the POST value you are inserting because you will be searching for a string. I also corrected $POST to $_POST to use the superglobal array.

 

If there is an error, it should now show this error because I added a function call within the die() call.

 

You should also watch out for SQL injection.

Edited by Andy123
Link to comment
https://forums.phpfreaks.com/topic/270866-failed-query/#findComment-1393391
Share on other sites
dodgeitorelse3 Advanced Member

dodgeitorelse3

Posted
  • Author
Posted

ty guys, worked with

$result = mysql_query("select * from lgsl where `comment`= '".$_POST['comment']."'")
or die('Error, query failed');

now about the injection thing? Is it really something I need to worry about since I am the only one that has access to this file?

Link to comment
https://forums.phpfreaks.com/topic/270866-failed-query/#findComment-1393394
Share on other sites
dannon Member

dannon

Posted
Posted

ty guys, worked with

$result = mysql_query("select * from lgsl where `comment`= '".$_POST['comment']."'")
or die('Error, query failed');

now about the injection thing? Is it really something I need to worry about since I am the only one that has access to this file?

If you are the only one who is going to use it then no.

But you should still learn how to prevent SQL Injections and stuff.

Link to comment
https://forums.phpfreaks.com/topic/270866-failed-query/#findComment-1393396
Share on other sites
AyKay47 Member

AyKay47

Posted
Posted

Good practices should be exercised from the very beginning of learning how to code in a certain language.

In this particular case, any data that comes from a user and is used in a query needs to be properly sanitized using mysql_real_escape_string to prevent SQL Injection as noted earlier.

Link to comment
https://forums.phpfreaks.com/topic/270866-failed-query/#findComment-1393402
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.