The worst thing about asking for help is when you know you are off by just a <br />few characters (my gut feeling anyway). My problem is trying to use an SQL<br />WHERE clause. The background to the situation is this. I've finally got my DB<br />up and running (yay!) and now what I am doing is creating page 'A' that allows<br />a user to put into a form a price (say 50 dollars). After clicking submit, it then<br />goes to the next page and scrubs through the DB to display only the values<br />that are less than the price inputted. It seems to work ok, but the 2nd page<br />doesn't display anything other than my html code. Using other code from a <br />sample page I know the DB is populated with 5 entries, so at least 1 should<br />show up. Here is the SQL statement that is wrong that I am using:<br /><br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$result = @mysql_query('SELECT * FROM tblproducts WHERE price <= ".$maxprice."');<!--c2--></div><!--ec2--><br /><br />HMMM, now that I think of it, the database is set up so the price field is a<br />Float (remembering from my C days that was the decimal one). Should it<br />be a different field type? <br /><br />Sorry for the long question... any help is greatly appreciated... as usual! <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/notworthy.gif" style="vertical-align:middle" emoid=":notworthy:" border="0" alt="notworthy.gif" /><!--content-->
I think you have the single and double quotes reversed, and I'm not sure why you have the dots on each side of the variable. I would try the following:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$result = @mysql_query("SELECT * FROM tblproducts WHERE price <= '$maxprice'");<!--c2--></div><!--ec2--><br />I don't know if your script code already handles this or not, but you should not trust what a user enters and directly include it in a MySQL query. This can leave your script vulnerable to MySQL injection attacks. I would modify the above query to the following to prevent this:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$result = @mysql_query("SELECT * FROM tblproducts WHERE price <= '" . mysql_real_escape_string($maxprice) . "'");<!--c2--></div><!--ec2--><!--content-->
I knew it would be something easy that I was doing wrong. I had the<br />double & single quotes backwards. As for the periods, I had added them<br />when the first couple of tries didn't work and had seen them on some<br />site (can't remember which one) and was desperate to try anything. I<br />am very new to PHP and am in the process of reading a book at home<br />so I have no clue what the periods do anyway. <br /><br />I will also look into using the modified version that you show to stop attacks. As usual, I am indebted to others for helping me find my way!<!--content-->
<!--QuoteBegin-dph1077+Jun 7 2005, 10:19 AM--><div class='quotetop'>QUOTE(dph1077 @ Jun 7 2005, 10:19 AM)</div><div class='quotemain'><!--QuoteEBegin-->As for the periods, I had added them when the first couple of tries didn't work and had seen them on some site (can't remember which one) and was desperate to try anything. I am very new to PHP and am in the process of reading a book at home so I have no clue what the periods do anyway. <br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=134131"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br />Outside of a string, the "." is the string concatenation operator (it joins strings together). For example:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This ' . 'is ' . 'a ' . 'test.';<!--c2--></div><!--ec2--><br />...is equivalent to:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This is a test.';<!--c2--></div><!--ec2--><br />Inside of a string, the "." is just a plain dot character. Because of the way your original query was written, the "." was a part of the string instead of outside of it, so it was behaving as an ordinary character.<!--content-->
<!--QuoteBegin-TCH-David+Jun 7 2005, 12:40 PM--><div class='quotetop'>QUOTE(TCH-David @ Jun 7 2005, 12:40 PM)</div><div class='quotemain'><!--QuoteEBegin--><!--QuoteBegin-dph1077+Jun 7 2005, 10:19 AM--><div class='quotetop'>QUOTE(dph1077 @ Jun 7 2005, 10:19 AM)</div><div class='quotemain'><!--QuoteEBegin-->As for the periods, I had added them when the first couple of tries didn't work and had seen them on some site (can't remember which one) and was desperate to try anything. I am very new to PHP and am in the process of reading a book at home so I have no clue what the periods do anyway.?<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=134131"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br />Outside of a string, the "." is the string concatenation operator (it joins strings together). For example:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This ' . 'is ' . 'a ' . 'test.';<!--c2--></div><!--ec2--><br />...is equivalent to:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This is a test.';<!--c2--></div><!--ec2--><br />Inside of a string, the "." is just a plain dot character. Because of the way your original query was written, the "." was a part of the string instead of outside of it, so it was behaving as an ordinary character.<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=134135"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><br /><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br /><br />Thanks for the quick tutorial! It was a much easier subject than I thought.<!--content-->
I think you have the single and double quotes reversed, and I'm not sure why you have the dots on each side of the variable. I would try the following:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$result = @mysql_query("SELECT * FROM tblproducts WHERE price <= '$maxprice'");<!--c2--></div><!--ec2--><br />I don't know if your script code already handles this or not, but you should not trust what a user enters and directly include it in a MySQL query. This can leave your script vulnerable to MySQL injection attacks. I would modify the above query to the following to prevent this:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->$result = @mysql_query("SELECT * FROM tblproducts WHERE price <= '" . mysql_real_escape_string($maxprice) . "'");<!--c2--></div><!--ec2--><!--content-->
I knew it would be something easy that I was doing wrong. I had the<br />double & single quotes backwards. As for the periods, I had added them<br />when the first couple of tries didn't work and had seen them on some<br />site (can't remember which one) and was desperate to try anything. I<br />am very new to PHP and am in the process of reading a book at home<br />so I have no clue what the periods do anyway. <br /><br />I will also look into using the modified version that you show to stop attacks. As usual, I am indebted to others for helping me find my way!<!--content-->
<!--QuoteBegin-dph1077+Jun 7 2005, 10:19 AM--><div class='quotetop'>QUOTE(dph1077 @ Jun 7 2005, 10:19 AM)</div><div class='quotemain'><!--QuoteEBegin-->As for the periods, I had added them when the first couple of tries didn't work and had seen them on some site (can't remember which one) and was desperate to try anything. I am very new to PHP and am in the process of reading a book at home so I have no clue what the periods do anyway. <br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=134131"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br />Outside of a string, the "." is the string concatenation operator (it joins strings together). For example:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This ' . 'is ' . 'a ' . 'test.';<!--c2--></div><!--ec2--><br />...is equivalent to:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This is a test.';<!--c2--></div><!--ec2--><br />Inside of a string, the "." is just a plain dot character. Because of the way your original query was written, the "." was a part of the string instead of outside of it, so it was behaving as an ordinary character.<!--content-->
<!--QuoteBegin-TCH-David+Jun 7 2005, 12:40 PM--><div class='quotetop'>QUOTE(TCH-David @ Jun 7 2005, 12:40 PM)</div><div class='quotemain'><!--QuoteEBegin--><!--QuoteBegin-dph1077+Jun 7 2005, 10:19 AM--><div class='quotetop'>QUOTE(dph1077 @ Jun 7 2005, 10:19 AM)</div><div class='quotemain'><!--QuoteEBegin-->As for the periods, I had added them when the first couple of tries didn't work and had seen them on some site (can't remember which one) and was desperate to try anything. I am very new to PHP and am in the process of reading a book at home so I have no clue what the periods do anyway.?<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=134131"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br />Outside of a string, the "." is the string concatenation operator (it joins strings together). For example:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This ' . 'is ' . 'a ' . 'test.';<!--c2--></div><!--ec2--><br />...is equivalent to:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->echo 'This is a test.';<!--c2--></div><!--ec2--><br />Inside of a string, the "." is just a plain dot character. Because of the way your original query was written, the "." was a part of the string instead of outside of it, so it was behaving as an ordinary character.<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=134135"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><br /><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br /><br />Thanks for the quick tutorial! It was a much easier subject than I thought.<!--content-->