cbresources — 2013-03-31T23:24:22-04:00 — #1
I am trying to fetch data from a database but it seems not to work.
This is the code:
// Check if date already exists in the database
$searchQuery = "SELECT * from services WHERE 'date' = '".$newDate."'";
// echo $searchQuery;
$search = mysql_query($searchQuery);
$row = mysql_fetch_array($search);
When I echo the $searchQuery to check the syntax it is correct. I have copied and pasted it into phpMyadmin and run the query there and the result is found. However, for some reason it will not display on the web page. I don't know if this matters but when I run the query in phpMyAdmin - It says "Showing rows 0 - 0 ( 1 total, Query took 0.0007 sec)" - Does this matter?
What could be wrong?
r937 — 2013-04-01T06:50:01-04:00 — #2
no, you didn't, this query will not work in phpmyadmin either, not the way you wrote it here
'date' is a string
date is a qualified column name
look carefully, there's a difference
cbresources — 2013-04-01T09:52:55-04:00 — #3
Ok - Thanks. That's working now.
Perhaps you can help me with something else SQL Related... same project...
I am collecting data from a form to insert into the database. This is how I fetch the data from the form:
$originalDate = $_POST['date'];
$newDate = date("Y-m-d", strtotime($originalDate));
$howmany = $_POST['howmany'];
$musicContemp = $_POST['music_contemp'];
$musicReg = $_POST['music_reg'];
$minister = $_POST['minister'];
$topic = $_POST['topic'];
$desc = $_POST['desc'];
$forum = $_POST['forum_topic'];
$presenter = $_POST['presenter'];
$forumDesc = $_POST['forum_desc'];
$religious = $_POST['religious_ed'];
And this is how I build my query:
$query = "INSERT INTO services (
'" . $newDate . "',
'" . $howmany . "',
'" . $musicReg . "',
'" . $musicContemp . "',
'" . $minister . "',
'" . $topic . "',
'" . $desc . "',
'" . $forum . "',
'" . $presenter . "',
'" . $forumDesc . "',
'" . $religious . "')
$update = mysql_query($query);
if (! $update) exit(mysql_error());
else echo '
<span class="result-header">Sunday Services Form</span><br />
The details have been updated and will now appear on the website.
I need to know where in that code I use mysql_real_escape_string to make sure special characters entered into the form are escaped. When somebody enters something like "Let's see if this works" the query fails because it isn't escaped. I know I need to mysql_real_escape_string the values but I don't know where to put it.
r937 — 2013-04-01T15:22:02-04:00 — #4
sorry, what you're asking is only tangientially related to sql, it's actually a php question, and i'm sorry, i don't do php
starlion — 2013-04-02T08:52:19-04:00 — #5
pokes nose in, smelling PHP related stuff
mysql_real_escape_string may be used around any string (or variable) once the database connection has been established; however, the mysql_ library in PHP is being deprecated, and it is strongly advised you switch to mysqli_ or PDO, and in doing so, also change your query formation to use prepared statements; this will eliminate the need for escaping strings, as well as make your code more secure.