[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 182
  • Last Modified:

SQL statement not working

Is the $_GET statement typed wrong here?

$SQLstr = mysql_query("SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = " $_GET["providerID"]
or die("SQL statement is not working");
0
pingeyeg
Asked:
pingeyeg
  • 3
  • 2
  • 2
3 Solutions
 
Cornelia YoderArtistCommented:
NEVER EVER use a form input directly in a query!!  It's wide open to SQL Injection hacking.



$providerID = $_GET["providerID"];

Then

$SQLstr = mysql_query("SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = mysql_real_escape_string($providerID")
or die("SQL statement is not working");
0
 
Cornelia YoderArtistCommented:
Oops, missing )....

$SQLstr = mysql_query("SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = mysql_real_escape_string($providerID)")
or die("SQL statement is not working");
0
 
pingeyegAuthor Commented:
Ok, right now I am getting the "SQL statement is not working" string.
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
pingeyegAuthor Commented:
When using mysql_error() I get FUNCTION providers.mysql_real_escape_string does not exist
0
 
Steve BinkCommented:
$query = "SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = " . mysql_real_escape_string($providerID);
$result = mysql_query($query) or die("SQL statement is not working");
0
 
pingeyegAuthor Commented:
Is that just another way of writing the sql query?  Putting the mysql_query at the bottom?
0
 
Steve BinkCommented:
Just better organization for readability.  The problem in the statement was a combo of quotes and parenthesis.  
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now