zacron Posted August 9, 2010 Share Posted August 9, 2010 $var = @$_GET['q'] ; $trimmed = trim($var); $table = @$_GET['field']; $query="SELECT * FROM contacts WHERE @'table' contains @'trimmed' order by id"; $result=mysql_query($query); $num=mysql_numrows($result); Why wont this work? Zacron Quote Link to comment Share on other sites More sharing options...
Sabmin Posted August 9, 2010 Share Posted August 9, 2010 I found you can't use "table" as any part of your variable if you plan to use it in your query, try changing it to $tab and see if it works Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 9, 2010 Share Posted August 9, 2010 The @ is an error suppressor, it isn't used to assign a value to a variable, or read a value from a variable. IMHO, it shouldn't be used at all. Quote Link to comment Share on other sites More sharing options...
zacron Posted August 9, 2010 Author Share Posted August 9, 2010 <?php include("dbinfo.inc.php"); mysql_connect(localhost,$username,$password); @mysql_select_db(sibbaldreports) or die( "error 101... uh oh, call tech support!"); $var = @$_GET['q'] ; $trimmed = trim($var); $tab = @$_GET['field']; $query="SELECT * FROM contacts WHERE @'tab' contains @'trimmed' order by id"; // get results $query .= " limit $s,$limit"; $result = mysql_query($query) or die("Couldnt execute query"); I'm getting "couldn't execute query"? I dunno Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 9, 2010 Share Posted August 9, 2010 I found you can't use "table" as any part of your variable if you plan to use it in your query, try changing it to $tab and see if it works Yes you can. Even if the table's name was `table`, as long as it is enclosed in backticks, it's fine. Quote Link to comment Share on other sites More sharing options...
Sabmin Posted August 9, 2010 Share Posted August 9, 2010 hmm every time I used it even with the ' I would get an sql syntax error until I changed '$table' to '$tab' in which it worked fine. Sorry to get off topic but what is "contains" in the query? I've never used or seen it for that matter, are you trying to get something that is just similar to the input? if so try: $query="SELECT * FROM contacts WHERE '$tab' LIKE '%$trimmed%' order by id"; otherwise try: $query="SELECT * FROM contacts WHERE '$tab' = '$trimmed' order by id"; Quote Link to comment Share on other sites More sharing options...
samshel Posted August 9, 2010 Share Posted August 9, 2010 Use $result = mysql_query($query) or die($query."==".mysql_error()); It will tell u whats going wrong. Quote Link to comment Share on other sites More sharing options...
zacron Posted August 9, 2010 Author Share Posted August 9, 2010 THANK YOU, THANK YOU, THANK YOU!!! You have helped me to LEARN! I really appreciate the help! Go PHPFREAKS Zacron Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.