Solved

why does this query execute fine in MySQL but not using mysql_query()?

Posted on 2011-02-27
6
351 Views
Last Modified: 2013-12-13
the following query
set @num := 0, @shop_id := NULL;


select shop_id, date
from (
   select shop_id, date,
      @num := if(@shop_id = shop_id, @num + 1, 1) as row_number,
      @shop_id := shop_id as dummy
  from products
  order by shop_id, date DESC
) as x where x.row_number <= 10;

Open in new window

executes fine when I run it through phpMyAdmin, but when I run it against the same database using
$query = "SET @num :=0,
@shop_id := NULL ;
SELECT shop_id, date
FROM (
SELECT shop_id, date, @num := IF( @shop_id = shop_id, @num +1, 1 ) AS row_number, @shop_id := shop_id AS dummy
FROM products
ORDER BY shop_id, DATE DESC
) AS x
WHERE x.row_number <=10;";

$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

Open in new window

I get
Query: SET @num :=0, @shop_id := NULL ; SELECT shop_id, date FROM ( SELECT shop_id, date, @num := IF( @shop_id = shop_id, @num +1, 1 ) AS row_number, @shop_id := shop_id AS dummy FROM products ORDER BY shop_id, DATE DESC ) AS x WHERE x.row_number <=10; 
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; SELECT shop_id, date FROM ( SELECT shop_id, date, @num := IF( @shop_id = shop_' at line 2

Open in new window

what am I doing wrong? I noticed that if I remove the user variable initialization line ('SET' etc.) the query executes, but obviously not with the correct result.
0
Comment
Question by:bitt3n
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 34993089
It appears that you cannot execute multiple ";" spearated queries in one mysql_query.
http://www.php.net/manual/en/function.mysql-query.php#16878
You have to do that one at a time.
0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 34993094
Try like this:

$query = "SET @num :=0, @shop_id := NULL ;";
$result = mysql_query($query);
$query = "SELECT shop_id, date
FROM (
SELECT shop_id, date, @num := IF( @shop_id = shop_id, @num +1, 1 ) AS row_number, @shop_id := shop_id AS dummy
FROM products
ORDER BY shop_id, DATE DESC
) AS x
WHERE x.row_number <=10;";

$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

Open in new window

0
 

Author Comment

by:bitt3n
ID: 34993128
thanks that works. I foolishly didn't realize the variables would persist between the calls to mysql_query().

I'm curious, given the fact that mysql_query() only accepts one query at a time, how a sql injection is ever possible, since my understanding is that the injection occurs when someone adds a second query to the first when submitting data, as in

'; DROP DATABASE;

or whatever.
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Closing Comment

by:bitt3n
ID: 34993129
thanks!
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 34993147
Good point. This is the prevention for executing multiple queries. You cannot drop database in mysql_query, but you can add string variables ' or 1= 1 '.
0
 

Author Comment

by:bitt3n
ID: 34993187
ah that makes sense thanks again
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question