Problem with SELECT statement
php select error
Ollie_3rd




msg:4067684
 11:02 pm on Jan 25, 2010 (gmt 0)

Can someone explain why this select statement returns the following error?

Fatal error: Call to undefined function SELECT * FROM smitty WHERE field_1 = 1111() in C:\xampp\htdocs\xampp\newcode\display.php on line 18

When I echo the value of $record I get 1111 but when I use it in the select statement I get 1111().

I am grabbing the value from another form.

CODE:

<?php

if (!($connection = @ mysql_connect("localhost", "root", "")))
die("Could not connect to database");

# GRAB THE VARIABLES FROM THE FORM
$record = $_POST['record'];

// Has a record number been provided?
if (empty($record))
die("You must provide a Record Number.");

// Retrieve details for editing
echo $record;
$query = "SELECT * FROM smitty WHERE field_1 = {$record}";

if (!$query("field_1", $connection)) // THIS IS LINE 18
die("Something is wrong.");

if (!($result = @ mysql_query($query, $connection)))
die("Something is wrong.");

 

rocknbil




msg:4067820
 3:19 am on Jan 26, 2010 (gmt 0)

You've built quite an interesting case here that's a combination of issues and conditions. :-)

I've never seen what you're doing on line 18, and it shouldn't be necessary.

The final solution, really, is in proper input filtering. PHP coders like to turn to a predefined function such as is_numeric(), like you have there with empty(), fair enough. But ZERO is also numeric, and you'd never (err . . . should never) have a unique record id of zero. So the fix:


if (isset($_POST['record']) and ($_POST['record'] > 0)) {
$record = $_POST['record'];
// note no need for empty check.
// Retrieve details for editing
$query = "SELECT * FROM smitty WHERE field_1=$record";
// line 18 . . poof
if (!($result = @mysql_query($query))) { die("Something is wrong."); }
// do mysql_fetch_array, but since it's a SINGLE RECORD
// don't do while, do IF
if ($row=mysql_fetch_array($result)) {
echo "found " . $row['name'];
}
else { echo "no record found"; }
}
else { echo "Request record_id is invalid, use a number"; }

I'd like to add, since you are querying a numeric field, you are correct to not quote $record. The reason for this is if it is quoted, like

$query = "SELECT * FROM smitty WHERE field_1='$record'";

If it's an invalid input (text or something) you'll get no results, or won't do an update, and you'll wonder why. This is prevented by the >0 check in my test, but it's something that's handy to know.
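
An added example, not part of the original posts: because `$record` is interpolated into the SQL text, the `> 0` comparison is the only filter, and a loose comparison accepts a string that merely starts with digits. The sketch below compares it with a whole-value integer check and a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL server, and the helper names, rows and inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The smitty table and its rows
// are constructed; SQLite (via PDO) stands in for the poster's MySQL server.

// The check from the reply: a loose comparison on the raw POST string.
function loose_check($raw) {
    return isset($raw) && ($raw > 0);
}

// Stricter check: the whole value must parse as an integer >= 1.
function strict_record_id($raw) {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Lookup with a bound parameter, so the value is never parsed as SQL text.
function find_record(PDO $db, $id) {
    $stmt = $db->prepare('SELECT * FROM smitty WHERE field_1 = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smitty (field_1 INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO smitty VALUES (1111, 'first'), (2222, 'second')");

// Constructed inputs: a valid id, zero, and a value with trailing SQL text.
foreach (['1111', '0', '1111 OR 1=1'] as $raw) {
    $id  = strict_record_id($raw);
    $row = ($id === null) ? null : find_record($db, $id);
    printf("%-12s loose=%-3s strict=%-3s %s\n",
        $raw,
        loose_check($raw) ? 'yes' : 'no',
        $id === null ? 'no' : 'yes',
        $row ? 'found ' . $row['name'] : 'rejected before any query');
}

// The interpolated form from the thread, given the input the loose check accepted:
$raw   = '1111 OR 1=1';
$query = "SELECT * FROM smitty WHERE field_1 = $raw";
echo count($db->query($query)->fetchAll()), " row(s) from the interpolated query\n";
```

The `mysql_*` functions used in the thread were removed in PHP 7.0; `mysqli` and PDO both support prepared statements against MySQL.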

Ollie_3rd




msg:4068157
 4:57 pm on Jan 26, 2010 (gmt 0)

Thanks a lot for the help. I will let you know if I have any problems.

Ollie
