Jump to content

Small problem with a script

jwer78

By jwer78
in PHP Coding Help

 Share

Recommended Posts

jwer78 Newbie

jwer78

Posted
Posted

Ok I have this script that is used to bid on players for a football league I run. Some players names have punctuation in them. If I echo the query it is correct and I am able to run it via sqlyog but it does not work in the script. Any help would be greatly appreciated. Here is the part I  am having problems with.

$bthousand=$_POST["bthousand"];
$bmillion=$_POST["bmillion"];
$thousand=$_POST["thousand"];
$million=$_POST["million"];
$years=$_POST["years"];
$teamname=$_POST["teamname"];
$pass=$_POST["password"];
$player=$_POST["player"];
$position=$_POST["position"];
$ip=$_SERVER['REMOTE_ADDR'];
$today = date("F j, Y, g:i a");
$id=0;
//$player=ereg_replace("'","\'",$player);
// CONNECT TO DATABASE
    $db = @mysql_connect($host,$user,$password) or die("<html><head><body bgcolor=$bgcolor alink=$bglinkcolor vlink=$bglinkcolor link=$bglinkcolor>User Error!</body></html>");
    @mysql_select_db($database,$db) or die("<html><head><body bgcolor=$bgcolor alink=$bglinkcolor vlink=$bglinkcolor link=$bglinkcolor>Database Error!</body></html>");


//$player=stripslashes($player);
$sql_query = "SELECT * FROM madcat_players where name='$player' and pos='$position'";
$result= mysql_query($sql_query);
//echo $sql_query . "<br>\n";
$array= mysql_fetch_array($result);
$id = $array["id"];
if ($id > '0'){
$sql_query= "Select * from madcat_yearly_player_info where id='$id' order by year desc limit 1";

$result=mysql_query($sql_query);
//echo $sql_query . "<br>\n";
$array=mysql_fetch_array($result);
$overall=$array["ovr"];

}
else{
die("No such player found. Try again. Player is $player and position is $position");
}

You will see I have tried to replace the punctuation and stripslashes but nothing has made this work. It does work fine for any player name that has no punctuation in it. Thanks again.

Link to comment
https://forums.phpfreaks.com/topic/80274-small-problem-with-a-script/
Share on other sites
matstuff Newbie

matstuff

Posted
Posted

Hi,

 

When you say it works in SQLyog, does it return a row, or does it just run with zero results? If you echo the SQL, copy and paste that to SQLyok and then run that, does it still work?!

 

Your SQL isn't very efficient. You could achieve the same thing in one SELECT...

 

SELECT madcat_yearly_player_info.*, madcat_players.name AS playerName FROM madcat_players

INNER JOIN madcat_yearly_player_info USING(id)

WHERE playerName='splodge';

 

Or something like that anyway...!

 

Anyway, you can't strip the slashes!! As your example just showed, SELECT ... WHERE name='D'Wayne Matthews'

 

That's just not going to work! The string is terminated after the 'D' by the second single quote. You could try enclosing it in double quotes...

 

$sql_query = sprintf("SELECT * FROM madcat_players WHERE name = \"%s\" AND pos = \"%s\"", $player, $position)

matstuff Newbie

matstuff

Posted
Posted

Can you use the MySQL prompt directly?

 

SELECT * FROM madcat_players where name=' D'Wayne Matthews' and pos='LT'

 

That should not work! The number of single quotes is not matched. SQLyog must be doing something to that statement.

 

I just tried running the command: SELECT psnId, psnName FROM people WHERE psnName = 'M'at'

 

and MySQL was having none of it... I agree with jaymc - ' D\'Wayne Matthews' should work...

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.