Solved

SQL statement not working

Posted on 2007-03-18
Last Modified: 2008-02-01
Is the $_GET statement typed wrong here?

$SQLstr = mysql_query("SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = " $_GET["providerID"]
or die("SQL statement is not working");
Question by:pingeyeg
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 300 total points
ID: 18744787
NEVER EVER use a form input directly in a query!!  It's wide open to SQL Injection hacking.



$providerID = $_GET["providerID"];

Then

$SQLstr = mysql_query("SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = mysql_real_escape_string($providerID")
or die("SQL statement is not working");
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 300 total points
ID: 18744793
Oops, missing )....

$SQLstr = mysql_query("SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = mysql_real_escape_string($providerID)")
or die("SQL statement is not working");
 
LVL 1

Author Comment

by:pingeyeg
ID: 18744805
Ok, right now I am getting the "SQL statement is not working" string.
 
LVL 1

Author Comment

by:pingeyeg
ID: 18744821
When using mysql_error() I get FUNCTION providers.mysql_real_escape_string does not exist
 
LVL 50

Accepted Solution

by:Steve Bink
Steve Bink earned 200 total points
ID: 18744880
$query = "SELECT strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strlicense, strInsured, strBonded, strHours, str24houremerg, strOtherservices, strServicearea, strInbusiness_since, strServicesoffered, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size, strImage FROM tblAdspace WHERE providerID = " . mysql_real_escape_string($providerID);
$result = mysql_query($query) or die("SQL statement is not working");
 
LVL 1

Author Comment

by:pingeyeg
ID: 18744896
Is that just another way of writing the sql query?  Putting the mysql_query at the bottom?
 
LVL 50

Expert Comment

by:Steve Bink
ID: 18761288
Just better organization for readability.  The problem in the statement was a combo of quotes and parentheses.
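
An added example, not code from any poster in this thread: the same lookup written with a PDO prepared statement and an integer check, since the mysql_* functions used above were removed in PHP 7 and escaping alone does not constrain an unquoted numeric value. It assumes the pdo_sqlite extension is available; the in-memory SQLite database, the sample rows and the helper names openDemoDb and findProvider are constructed for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands in
// for the MySQL server so the script runs offline; with MySQL only the DSN changes.
// Table and column names come from the question; the rows are constructed.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tblAdspace (providerID INTEGER PRIMARY KEY, strCompanyname TEXT, strTown TEXT)');
    $db->exec("INSERT INTO tblAdspace VALUES (1, 'Acme Plumbing', 'Springfield'), (2, 'Best Roofing', 'Shelbyville')");
    return $db;
}

// Hypothetical helper: returns the matching row, or null when the id is not a
// positive integer or no provider has that id.
function findProvider(PDO $db, $rawId): ?array
{
    // Reject anything that is not a plain positive integer before touching SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT strCompanyname, strTown FROM tblAdspace WHERE providerID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = openDemoDb();
// Constructed stand-ins for $_GET["providerID"]: a valid id, an unknown id,
// a value carrying SQL text with nothing in it for an escaper to escape,
// and an empty string.
foreach (['2', '99', '1 OR 1=1', ''] as $raw) {
    $row = findProvider($db, $raw);
    echo str_pad(var_export($raw, true), 12), ' => ', $row === null ? 'no row' : $row['strCompanyname'], PHP_EOL;
}
```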