help retrieving all columns from select statement

[snteran]

I was able to utilize overlib to help create pop up windows for selected rows of data.  However not all of the pop ups are working, my guess is that some of the information in the select statement is causing an issue.

 

Mysql code:

<?php
// The below query is used for category searches
switch($search)
{
case 'category' :
$query_asset_details="SELECT itc_tickets.ticket_nbr, itc_tickets.ticket_status, itc_tickets.ticket_category, itc_tickets.ticket_priority, itc_tickets.issued_by, itc_tickets.assigned_to, itc_tickets.lastupdt_date, itc_tickets.create_date, itc_tickets.description FROM itc_tickets, itc_priority_listing, itc_status_listing WHERE itc_tickets.ticket_category = '$category' AND itc_tickets.ticket_priority = itc_priority_listing.priority_name AND itc_tickets.ticket_status = itc_status_listing.status_name ORDER BY itc_status_listing.status_level ASC, itc_tickets.create_date DESC, itc_priority_listing.priority_level ASC, itc_tickets.ticket_nbr ASC";
break;
case 'keyword' :
$query_asset_details="SELECT itc_tickets.ticket_nbr, itc_tickets.ticket_status, itc_tickets.ticket_category, itc_tickets.ticket_priority, itc_tickets.issued_by, itc_tickets.assigned_to, itc_tickets.lastupdt_date, itc_tickets.create_date, itc_tickets.description FROM itc_tickets, itc_priority_listing, itc_status_listing WHERE itc_tickets.description LIKE $val AND itc_tickets.ticket_priority = itc_priority_listing.priority_name AND itc_tickets.ticket_status = itc_status_listing.status_name ORDER BY itc_status_listing.status_level ASC, itc_tickets.create_date DESC, itc_priority_listing.priority_level ASC, itc_tickets.ticket_nbr ASC";
if($result = mysql_query($query_asset_details)){
    if(mysql_num_rows($result) > 0){
        break;
    }else{
        $query_asset_details="SELECT itc_tickets.ticket_nbr, itc_tickets.ticket_status, itc_tickets.ticket_category, itc_tickets.ticket_priority, itc_tickets.issued_by, itc_tickets.assigned_to, itc_tickets.lastupdt_date, itc_tickets.create_date, itc_tickets.description FROM itc_tickets, itc_priority_listing, itc_status_listing, itc_tickets_notes WHERE itc_tickets_notes.notes_body LIKE $val AND itc_tickets.ticket_nbr = itc_tickets_notes.ticket_nbr AND itc_tickets.ticket_priority = itc_priority_listing.priority_name AND itc_tickets.ticket_status = itc_status_listing.status_name ORDER BY itc_status_listing.status_level ASC, itc_tickets.create_date DESC, itc_priority_listing.priority_level ASC, itc_tickets.ticket_nbr ASC";
    }
} 
break;
case 'user':
// The below query is for user searches
$query_asset_details="SELECT itc_tickets.ticket_nbr, itc_tickets.ticket_status, itc_tickets.ticket_category, itc_tickets.ticket_priority, itc_tickets.issued_by, itc_tickets.assigned_to, itc_tickets.lastupdt_date, itc_tickets.create_date, itc_tickets.description FROM itc_tickets, itc_priority_listing, itc_status_listing WHERE itc_tickets.issued_by LIKE '$user' AND itc_tickets.ticket_priority = itc_priority_listing.priority_name AND itc_tickets.ticket_status = itc_status_listing.status_name ORDER BY itc_status_listing.status_level ASC, itc_tickets.create_date DESC, itc_priority_listing.priority_level ASC, itc_tickets.ticket_nbr ASC";
break;
}
$asset_details = mysql_query($query_asset_details, $itc_admin) or die(mysql_error());
$row_asset_details = mysql_fetch_assoc($asset_details);
if (!$row_asset_details) {
   // Do something when data wasn't found
   $errorMessage .="No tickets found for that search criteria.<br>";
   include 'search.php'; // Show the form again!
   exit;
}
$totalRows_asset_details = mysql_num_rows($asset_details);
?>

 

PHP code:

<td><a href="javascript:void(0);" onmouseover="return overlib('<?php echo $row_asset_details['description']?>');" onmouseout="return nd();"><div align="center"><?php echo $row_asset_details['ticket_nbr']; ?></div></a></td>

 

 

Here is a description that is not showing.

 

We are experiencing a date format issue again and was hoping you could fix again. The import from Solomon to Custom came over with the wrong date format. The import from Solomon is a four digit year and it needs to be only two digits. We can fix the import format, but we need help removing the imported items from Custom. If you need to see the date format that I am talking about, please reference in R - I - CL3ULT012, you will see that the format is incorrect and needs to be removed. Sorry about this, evidently this happened earlier so hopefully it should be an easy fix for you. example: CL3ULT012 NA 012964 324013 10/31/05 PH 1890.00 0.170 321.30 ? CL3ULT012 NA 013154 13154 11/7/200 RC 2700.00 0.183 494.10 ?

 

Thanks for any help.

[snteran]

I tried something and it did not help, I was hoping to see if what I tried is just added wrong.  In the existing code there is a function that I believe helps prevent mysql injections.  The function is called GetSQLValueString, code:

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

 

I figured this should clean up the description text so that no characters would cause a problem. 

 

I also added after my mysql query.

 

$description = GetSQLValueString($row_asset_details['description'], "text");

 

I know that $description has the right information, I'm just not sure that I'm running it through the function correctly or if in fact I have other issue with the text that is not showing up. 

 

Please let me know if anyone needs further information.

 

Thanks