Hi,
My form has 4 text fields, one of them receives string(only one word).
I am building $sql looking each field if they have any input or not...
$sql = "SELECT * FROM tableName";
after all if statements, $sql becomes something like following.
$sql = "SELECT * FROM tableName WHERE field1=$field1 AND field2=$field2 AND color=$color AND field4=$field4;
Everything works fine except color, which accepts string from user..I have checked if I am really getting data from form to my search function, found out that I am getting..
The error I keep getting for the color field is;
SQL query failed: SELECT * FROM tableName WHERE color = colorEnteredByUser;
SQL statement for above is;
SQL query failed: SELECT * FROM tableName WHERE color = $color;
Could anyone help me to understand where I am wrong? I think it is about string manipulation, since there is nothing wrong with other fields...
thanks a lot!
My form has 4 text fields, one of them receives string(only one word).
I am building $sql looking each field if they have any input or not...
$sql = "SELECT * FROM tableName";
after all if statements, $sql becomes something like following.
$sql = "SELECT * FROM tableName WHERE field1=$field1 AND field2=$field2 AND color=$color AND field4=$field4;
Everything works fine except color, which accepts string from user..I have checked if I am really getting data from form to my search function, found out that I am getting..
The error I keep getting for the color field is;
SQL query failed: SELECT * FROM tableName WHERE color = colorEnteredByUser;
SQL statement for above is;
SQL query failed: SELECT * FROM tableName WHERE color = $color;
Could anyone help me to understand where I am wrong? I think it is about string manipulation, since there is nothing wrong with other fields...
thanks a lot!