nathanfl Posted October 26, 2010 Share Posted October 26, 2010 hi guys, i'm working for some time now on a project and i'm really struggeling with 1 part of the project. What is the input for the script? the input for the script are numbers(1234) or number - letter combinations (xtx-12-34). also important to know is that $_POST['ordernummer']; can hold multiple inputs divided by a "," (like 1234,9876,1597) Database setup. my sql database has data stored, these numbers or number - letter combinations are in 1 collum. there are (ofc) more collums. What do i need. I need the input to be ordered by customer_name. below i have pasted the script the i have atm. It only works with numbers, as soon as i start to add letters, it dies. After some asking around it turns out the query is wrong, but i have no clue how i'm gone get the data i need. hopefully, after reading the code, you'll understand i bit better what i need $Ordernummer = $_POST['ordernummer']; $allorders[0] = ""; $query1 = mysql_query("SELECT CUSTOMER_NAME,COMP_ULL_ORDER_NUM_DOSSIER_NUM,ORDER_EINDGEBRUIKER,CUSTOMER_SEGMENT FROM data WHERE COMP_ULL_ORDER_NUM_DOSSIER_NUM IN (".$Ordernummer.") GROUP BY CUSTOMER_NAME "); while(list($customer,$ordernr)= mysql_fetch_row($query1)){ $query2 = mysql_query("SELECT CUSTOMER_NAME,COMP_ULL_ORDER_NUM_DOSSIER_NUM,ADDRESS_INST_STREET,ADDRESS_INST_NUMBER,ADDRESS_INST_ZIPCODE,ADDRESS_INST_CITY,CUSTOMER_SEGMENT,ORDER_EINDGEBRUIKER FROM data WHERE CUSTOMER_NAME='$customer' AND COMP_ULL_ORDER_NUM_DOSSIER_NUM IN (".$Ordernummer.") ORDER BY CUSTOMER_NAME "); while(list($cust,$order,$street,$housenr,$zip,$city)=mysql_fetch_row($query2)){ $full_line = $order." - ".$street." ".$housenr.", ".$zip.", ".$city."<br>"; $allorders[0] .= $full_line; } echo "<br>Customer: ".$customer." <br> Location(s) impacted:<br> ".$allorders[0]. "<br>"; $allorders[0] = ""; } so, like i said, i know atm no safety is added (sql injection). and query1 is wrong (i'm told, but i get the results i need) hope you some can help me, any help is greatly appreciated thx! nathan ps, sorry for the bas English, i'm not a native English speaker/writer Quote Link to comment Share on other sites More sharing options...
nathanfl Posted October 27, 2010 Author Share Posted October 27, 2010 anyone? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 27, 2010 Share Posted October 27, 2010 The query isn't necessarily 'wrong'. You're getting errors when you add letters to the search term because that make those particular values strings, and there isn't any logic in place to add quotes around the string values before they get put into the IN() in the query. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.