Jump to content


Photo

Odd result when mixing SQL and PHP


  • Please log in to reply
3 replies to this topic

#1 lyndsey.pearce@ntlworld.com

lyndsey.pearce@ntlworld.com
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 11 April 2006 - 06:40 PM

Hello!

I am trying to create a web front end editing page to modify database entries.
All my Primary Key fields in the database end in hash for consistency and denote it contains a whole number.

I wrote script A:

$selectquery = "SELECT * FROM Page";
$result = mysql_query($selectquery)
or die("Invalid query: " . mysql_error());
while ($row = mysql_fetch_array($result)) {

<?php echo ">>"; echo $row['ColumnEntry']; ?>

        <a href="deletepage.php?type=TableName&id=<?php
                    echo $row['PrimaryKeyField#']?>">[DELETE]</a></p>


When you click the link "DELETE" you get transfered to script B:

 $sql = "DELETE FROM " . $_GET['type'] . "
            WHERE " . $_GET['type'] . "# = '" . $_GET['id'] . "'
            LIMIT 1";

            echo "$sql";


Interestingly, the sql statement I echo out is:

DELETE FROM TableName WHERE PrimaryKeyField# = '1' LIMIT 1

However, I get this error:

Invalid query: Unknown column 'PrimaryKeyField' in 'where clause' 

It misses out the hash. I have attached the hash symbol in the where clause like so:

WHERE " . $_GET['type'] . "# = '" . $_GET['id'] . "'

And it is visible from the echo output.

What am I doing wrong, is it the way I mixed PHP and MySQL?
Is this even a PHP issue or a MySQL one?

Can anyone point out my mistake please?




Cheers!

#2 craygo

craygo
  • Staff Alumni
  • Advanced Member
  • 1,973 posts
  • LocationRhode Island

Posted 11 April 2006 - 06:51 PM

Well first thing i notice is that you are using $_GET['type'] in 2 different places but giving the same info.

Unless your table name is the same as your field name you are going to get an error. Cause acording to your parameters your sql is going to look like this.

DELETE FROM TableName WHERE TableName# = '1' LIMIT 1

Might have to modify your code to pass the tablename, primarykeyfield and id. Not just tablename and id.

Or since you know the table name and field name just get the id

DELETE FROM TableName WHERE PrimaryKeyField# = '".$_GET['id']."'";

Only way you need to do all the other stuff is if your list is coming from several tables, which it looks like it isn't

Ray




#3 lyndsey.pearce@ntlworld.com

lyndsey.pearce@ntlworld.com
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 12 April 2006 - 11:51 AM

Hey thanks alot for your help Ray!

I took your advice and got shot of the $_GET['type'] in two places and just used the name of the table and key field, as I am only querying 1 table.

I did notice something odd though. Something somewhere doesn't like the use of "#" in the name. I was using the same name for the PK field as for the table, except the key field is tablename#.

I can change this to anything else and the query works. Change it to something#, and I get an invalid query error.


Aah well!



Lyndsey

#4 craygo

craygo
  • Staff Alumni
  • Advanced Member
  • 1,973 posts
  • LocationRhode Island

Posted 12 April 2006 - 02:27 PM

If you are going to use that then enclose the field or table name in back ticks

`PrimaryKeyField#`

Ray




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users