intrigue

[pre] $search = "SELECT ct_vehicles.id,". " ct_vehicles.description,". " ct_vehicles.price,". " ct_vehicles.manufacturer,". " ct_vehicles.new,". " ct_sites.county,". " ct_images.id,". " ct_images.vehicleId". " FROM ct_vehicles". " LEFT JOIN ct_sites". " ON ct_vehicles.siteId = ct_sites.id". " RIGHT JOIN ct_images". " ON ct_vehicles.id = ct_images.vehicleId". " WHERE (".$where.")" " LIMIT ".$offset. ",".$rowsPerPage.";"; $where = my condition set (this is correct i think) $offset = Offset set by my paging alongside Rows per Page $rowsPerPage = As above; [/pre] In mysql 5 it displays the correct 35 records where as in mysql 4 it displays some 13000 records WTF. Any help appreciated, here's the output from an actual search. [pre]SELECT ct_vehicles.id, ct_vehicles.description, ct_vehicles.price, ct_vehicles.manufacturer, ct_vehicles.new, ct_sites.county, ct_images.id, ct_images.vehicleId FROM ct_vehicles LEFT JOIN ct_sites ON ct_vehicles.siteId = ct_sites.id RIGHT JOIN ct_images ON ct_vehicles.id = ct_images.vehicleId WHERE (ct_vehicles.description LIKE '%red%' OR ct_vehicles.manufacturer LIKE '%red%' OR ct_vehicles.colour LIKE '%red%' OR ct_vehicles.text LIKE '%red%' ) LIMIT 0,5;[/pre]

i am using mySQL and i don't think thats the function i should be using, its how to protect against SQL injection attacks everyone says use parameterized queries but no examples or tutorials matt

[code]  $result = db_query("SELECT id FROM ct_clients WHERE account = '?' AND password = '?';",                       $account, $password); [/code] Thats an example of a parameterized query. But i don't understand it so i can't implement it. Do they work with Insert queries or just Select? Any info is appreciated. matt

I want to secure myself and would like to know how to do parameterized queries can anyone explain it? Google doesn't help in my search haha Thanks matt

whats at line 41? matt

The following works on my local machine but not on the server, it basically checks the level of the user and displays an error if they are not the required level else it shows them the page, which should then call the $dest function i.e. [code]checkSession("displayColor", 3)[/code] would run the displayColor function if the user had an access level of 3 or more. Please help!!!! [code]function checkSession($dest, $level) { if (($_SESSION['access']) < $level) { ?> <h2>You are not authorized to view this page please login.</h2> <?php loginFrm(); } else { $dest(); } ; };[/code]

That would show all honda civics with locations but it might show one in say a coutny in scotland which is 600 miles away so the user will not care about that car. What i mean is only show cars within a certain distance. i.e. leicestershire and its surrounding areas. [img]http://www.bigonions.net/example1.jpg[/img] So i want to search everything in yellow, and would also be interested in black and red, but i dont care about blue as thats too far away. Does that make more sense? matt

Basically what i have is a table with vehicles and their location (counties) so say i have a vehicle Honda Civic (Leicestershire) Fiat Punto (Warwickshire) Ford Fiesta (Derbyshire) Honda Civic (Derbyshire) well basically i want users to be able to search for a Honda civic in Leicestershire which works fine but then i want to have a button which says "Search adjacent counties" which would mean searching Honda civic would find both the Leicestershire and Derbyshire ones as the two counties are adjacent. Now the way we have thought about doing it is have a table which stores counties and adjacent counties maybe using a column called adjacent counties with id's in them and then when the search happens it finds all honda civics and then checks they are within the county and adjacent counties. This seems like a strange way of doing it to me and there must be a better way but i cant think of it. I don't have any kind of post code ability as it looks as though we would have to pay for that kind of software. Any advice would be most welcomed Please help matt p.s. i know the explanation is not great so i will be more then happy to answer any questions to clarify things

I have been searching this but i figure asking would be quicker then all the syntax errors i am bound to make. Please can anyone tell me how i would check a form field for a correct input value of "1" "2" "3" and nothing else. Thanks in advance matt

Thanks i was able to test if affected rows = 1 or 0 and display my error message. ;D matt

Please can anyone tell me why i get this error with the following script [b]Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\Program Files\xampp\htdocs\autoFinder\admin\functions\authenticate.php on line 62[/b] [pre] if (isset($id)) { echo("hey"); $search = "SELECT * FROM ct_clients WHERE accountHash = '".$id."'"; $result = mysql_query($search) or die(mysql_error()); if ($row = mysql_fetch_array($result)) { $search2 = "UPDATE ct_clients SET password = '".md5($password)."' WHERE accountHash = '".$id."' LIMIT 1"; $result2 = mysql_query($search2) or die(mysql_error()); [b]// LINE62[/b] if ($row2 = mysql_fetch_array($result2)) { echo("Password updated<br />"); echo("Email sent.<br />"); } } } [/pre]