Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

trouble with PHP/sql syntax

Posted on 2011-09-08
13
Medium Priority
?
207 Views
Last Modified: 2012-05-12
In PHP, I"m trying to use a query something like this:

$query = mssql_query("SELECT     CUSTOMER
FROM         SSCUSTOM
WHERE     (CUSTOMER LIKE '%$customer%')
 ");

I've tried various combinations of punctuation to properly offset the $customer variable, but nothing has worked.  Can someone help?

thanks.
0
Comment
Question by:kennmurrah
  • 5
  • 3
  • 2
  • +2
13 Comments
 
LVL 2

Expert Comment

by:shdwmage
ID: 36504710
Try this
$query = 'SELECT customer FROM sscustomer WHERE (Customer like %' . $customer . '%)';

$result = @mdsql_query($query);

Open in new window

0
 
LVL 2

Expert Comment

by:shdwmage
ID: 36504716
err MSsql not Mdsql fat fingers sorry.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36504925
This is the format that I'm using on a working example.  I'm assuming that your field and table names are the correct case.  Depends on whether you have set up your database to be case sensitive or not.
$query = mssql_query("SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%$customer%'");

Open in new window

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 2000 total points
ID: 36505121
Or if Dave's won't work, try this:


$query = mssql_query("SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%".$customer."%'");

Open in new window

0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 36505132
... of course I'm sure Dave is right :P
0
 

Author Comment

by:kennmurrah
ID: 36505215
I just noticed that I'm getting the error: "Warning: mysql_fetch_array(): supplied resource is not a valid MySQL result resource in /var/www/psilookup/2.php on line 11" ....

<?php
$connect = mssql_connect("psi", "php", "holistic") or die ("couldn't
connect");

mssql_select_db('[PS11_0_2]', $connect);

$query = mssql_query("SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%".$customer."%'");

	 if ($row = mysql_fetch_array($query)) { 
do { 
	$customer = $row["CUSTOMER"];
	$url_customer = urlencode($customer);
	
 echo "<a href=\"3.php?customer=$url_customer\">" . $customer . "</a><br>";
// echo "<a href=\"3.php?customer=$url_customer\">" . $customer .  "</a><br>";
}
 while($row = mysql_fetch_array($result)); } else {print "<p> No matches found.";} 
 
 ?>

Open in new window


so I'm really confused now.

0
 
LVL 2

Expert Comment

by:shdwmage
ID: 36505385
I believe it has to do with your if statement.  you aren't performing the query and saving it anywhere.
0
 
LVL 2

Expert Comment

by:shdwmage
ID: 36505387
Nevermind, i read it wrong.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36505407
!! You can't mix MySQL and MS SQL, they are two different databases and drivers.
0
 
LVL 2

Expert Comment

by:shdwmage
ID: 36505413
I am not sure if this makes a difference or not:

You have MSSQL in one location and MYSQL in the other.

<?php
$connect = mssql_connect("psi", "php", "holistic") or die ("couldn't connect");

mssql_select_db('[PS11_0_2]', $connect);

$query = mssql_query("SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%".$customer."%'");

if ($row = mssql_fetch_array($query)) { 
	do { 
		$customer = $row["CUSTOMER"];
		$url_customer = urlencode($customer);
		echo "<a href=\"3.php?customer=$url_customer\">" . $customer . "</a><br>";
		// echo "<a href=\"3.php?customer=$url_customer\">" . $customer .  "</a><br>";
		}
		while($row = mysql_fetch_array($result)); 
	} 
	else {
		print "<p> No matches found.";
		} 

?>

Open in new window

0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36505418
Here's the correction but that code does not look complete.
<?php
$connect = mssql_connect("psi", "php", "holistic") or die ("couldn't
connect");

mssql_select_db('[PS11_0_2]', $connect);

$query = mssql_query("SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%".$customer."%'");

         if ($row = mysql_fetch_array($query)) { 
do { 
        $customer = $row["CUSTOMER"];
        $url_customer = urlencode($customer);
        
 echo "<a href=\"3.php?customer=$url_customer\">" . $customer . "</a><br>";
// echo "<a href=\"3.php?customer=$url_customer\">" . $customer .  "</a><br>";
}
 while($row = mssql_fetch_array($result)); } else {print "<p> No matches found.";} 
 
 ?>

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36516439
Warning: mysql_fetch_array(): supplied resource is not a valid MySQL result ...

This almost always means the query failed.  MySQL is not a black box.  It can and will fail, sometimes for reasons that are outside of your control, and your programming needs to test for success whenever you make a call to MySQL.  When a query fails you will want to know why.

To understand why, you need to see the contents of mysql_error().  Here is a little code snippet with some teaching examples for a few of the basics in PHP + MySQL.  As you can see, it will help you visualize the query string and any errors that might occur.

If you want a good learning resource on the subject, this book is very readable and has excellent examples.
http://www.sitepoint.com/books/phpmysql4/

HTH, ~Ray
<?php // RAY_mysql_example.php
error_reporting(E_ALL);


// THE ABSOLUTE MINIMUM YOU MUST UNDERSTAND TO USE PHP AND MYSQL
// MAN PAGE: http://php.net/manual/en/ref.mysql.php
// MAN PAGE: http://php.net/manual/en/mysql.installation.php
// MAN PAGE: http://php.net/manual/en/function.mysql-connect.php
// MAN PAGE: http://php.net/manual/en/function.mysql-select-db.php
// MAN PAGE: http://php.net/manual/en/function.mysql-real-escape-string.php
// MAN PAGE: http://php.net/manual/en/function.mysql-query.php
// MAN PAGE: http://php.net/manual/en/function.mysql-errno.php
// MAN PAGE: http://php.net/manual/en/function.mysql-error.php
// MAN PAGE: http://php.net/manual/en/function.mysql-num-rows.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-assoc.php
// MAN PAGE: http://php.net/manual/en/function.mysql-fetch-array.php
// MAN PAGE: http://php.net/manual/en/function.mysql-insert-id.php



// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "??";        // GET THESE FROM YOUR HOSTING COMPANY
$db_user = "??";
$db_word = "??";


// OPEN A CONNECTION TO THE DATA BASE SERVER
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB CONNECTION: ";
    echo "<br/> $errmsg <br/>";
}

// SELECT THE MYSQL DATA BASE
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB SELECTION: ";
    echo "<br/> $errmsg <br/>";
    die('NO DATA BASE');
}
// IF THE SCRIPT GETS THIS FAR IT CAN DO QUERIES




// ESCAPE AN EXTERNAL DATA FIELD FOR USE IN MYSQL QUERIES
$safe_username = mysql_real_escape_string($_POST["username"]);




// CREATE AND SEND A SELECT QUERY AND TEST THE RESULTS
$sql = "SELECT id FROM my_table WHERE username='$safe_username'";
$res = mysql_query($sql);

// IF mysql_query() RETURNS FALSE, SHOW THE ERROR
if (!$res)
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>QUERY FAIL: ";
    echo "<br/>$sql <br/>";
    die($errmsg);
}
// IF WE GET THIS FAR, THE QUERY SUCCEEDED AND WE HAVE A RESOURCE-ID IN $res SO WE CAN NOW USE $res IN OTHER MYSQL FUNCTIONS




// DETERMINE HOW MANY ROWS OF RESULTS WE GOT
$num = mysql_num_rows($res);
if (!$num)
{
    echo "<br/>QUERY FOUND NO DATA: ";
    echo "<br/>$sql <br/>";
}
else
{
    echo "<br/>QUERY FOUND $num ROWS OF DATA ";
    echo "<br/>$sql <br/>";
}




// ITERATE OVER THE RESULTS SET TO SHOW WHAT WE FOUND
while ($row = mysql_fetch_assoc($res))
{
    var_dump($row);
}




// A WAY OF DETERMINING HOW MANY ROWS WE HAVE IN A TABLE
$sql = "SELECT COUNT(*) FROM my_table";
$res = mysql_query($sql);

// IF mysql_query() RETURNS FALSE, GET THE ERROR REASONS
if (!$res)
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>QUERY FAIL: ";
    echo "<br/>$sql <br/>";
    die($errmsg);
}
// GET THE RESULTS SET ROW IN AN ARRAY WITH A NUMERIC INDEX - POSITION ZERO IS THE COUNT
$row = mysql_fetch_array($res, MYSQL_NUM);
$num = $row[0];
$fmt = number_format($num);
echo "<br/>THERE ARE $fmt ROWS IN THE TABLE";




// MAKING AN INSERT QUERY AND TESTING THE RESULTS
$sql = "INSERT INTO my_table (username) VALUES ('$safe_username')";
$res = mysql_query($sql);

// IF mysql_query() RETURNS FALSE, GET THE ERROR REASONS
if (!$res)
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>QUERY FAIL: ";
    echo "<br/>$sql <br/>";
    die($errmsg);
}
// GET THE AUTO_INCREMENT ID OF THE RECORD JUST INSERTED - PER THE DB CONNECTION
$id  = mysql_insert_id($db_connection);
echo "<br/>YOU JUST INSERTED A RECORD WITH AUTO_INCREMENT ID = $id";

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36562962
Interesting.  The answer accepted from Roads_Roads produces EXACTLY the same query string as the answer that was offered up by DaveBaldwin earlier.  Here is the code that proves it.  It is usually a good idea to test the code posted here at EE before you assume that something is right or wrong.

However the most important part about this question is understanding how to visualize errors.  In order to do that you would never create the query string in the same statement as the function call.  You would create the query string separately in its own variable, so you can print it out in case you get an error.
<?php // RAY_temp_kennmurrah.php
error_reporting(E_ALL);

$db = "SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%$customer%'";
$rr = "SELECT CUSTOMER FROM SSCUSTOM WHERE CUSTOMER LIKE '%".$customer."%'";

echo $db;
echo "<br/>";
echo $rr;

Open in new window

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to connect from SSMS v17.x to a SQL Server Integration Services 2016 instance or previous version, you get the error “Connecting to the Integration Services service on the computer failed with the following error: 'The specified service …
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question