Schuyler Kuhl
asked on
mysql query string in link using urlencode
Greetings,
I have a SQL query string that looks something like this:
SELECT * FROM listing_table WHERE (price>=0) AND (price<=1000000) AND (area_name='Town')
For paging through the results I have this: $search_url = urlencode($query); and then have a number of number links for page 2, 3, 4 and next, previous, first and last, as is pretty standard.
However when I click the next page now I get an error such as this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'Town\') ORDER BY at line 1
So the ' mark around the search criteria obviously isn't correct. If I remove that part of the query string so that the search is only based on numerical criteria it works fine.
So my question is how do I properly make this search string useable in a URL?
Thanks very much.
Sky
ASKER CERTIFIED SOLUTION
$query = "select column from table where price >= '".mysql_real_escape_string($low)."' and...
Sorry for not typing the whole thing out. I'm on my phone.
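As an added example (not code from this thread), one way to page without putting SQL in the link: the URL carries only the search criteria and the server rebuilds the query with bound parameters, using mysqli prepared statements in place of mysql_real_escape_string() because the mysql_* functions were removed in PHP 7. The parameter names min, max, area and page, the PAGE_SIZE constant, the ORDER BY column and the $db connection are assumptions; the table and columns are from the question.

```php
<?php
// Added example. Parameter names, PAGE_SIZE and the ORDER BY column are assumptions.
const PAGE_SIZE = 20;

// Read the search criteria (never SQL) from the request and normalise them.
function read_criteria(array $get): array
{
    $area = is_string($get['area'] ?? null) ? trim($get['area']) : '';
    return [
        'min'  => max(0, (int)($get['min'] ?? 0)),
        'max'  => max(0, (int)($get['max'] ?? 1000000)),
        'area' => substr($area, 0, 64),
        'page' => max(1, (int)($get['page'] ?? 1)),
    ];
}

// Build a paging link that carries only the criteria.
// http_build_query() URL-encodes the values; htmlspecialchars() makes it safe in an href.
function page_link(array $criteria, int $page): string
{
    $criteria['page'] = $page;
    return htmlspecialchars('?' . http_build_query($criteria), ENT_QUOTES);
}

// Rebuild the query on the server. Values are bound, so a quote in 'area' is just data.
function fetch_listings(mysqli $db, array $c): array
{
    $limit  = PAGE_SIZE;
    $offset = ($c['page'] - 1) * PAGE_SIZE;
    $stmt = $db->prepare(
        'SELECT * FROM listing_table
          WHERE price >= ? AND price <= ? AND area_name = ?
          ORDER BY price LIMIT ? OFFSET ?'
    );
    $stmt->bind_param('iisii', $c['min'], $c['max'], $c['area'], $limit, $offset);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed sample request: an area name containing a quote.
$criteria = read_criteria(['min' => '0', 'max' => '1000000', 'area' => "O'Brien Town"]);
echo page_link($criteria, 2), "\n";
// With a live connection ($db is assumed): $rows = fetch_listings($db, $criteria);
```

Because the link never contains SQL, a visitor editing the URL can only change the search values, not the statement that runs.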
ASKER
Thanks very much.
Yes I see this is the proper way to do it now.
Thanks I appreciate your help greatly.
Best regards,
Sky
ASKER
Ok I am following you except for the last part about "wrapping all your variables in mysqlrealescapestring."
It is too bad though because I'm pretty sure this used to work. I guess I will just have to rewrite this part.
Thank you.