Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Quick help with a function and mysql
magnus911




msg:4536922
 7:08 pm on Jan 17, 2013 (gmt 0)

Hi guys, I am new here and also new to PHP and I'm working my way through some online tutorials. I have a small problem with an error which is holding up my progress and I would like some help.

I have a content.php file and a functions.php file which is included in which I have defined the following function:

function get_subject_by_id($subject_id) {
    global $connection;
    $query = "SELECT * FROM subjects WHERE id=".$subject_id . " LIMIT 1";
    $result_set = mysql_query($query, $connection);
    confirm_query($result_set);

    if ($subject = mysql_fetch_array($result_set)) {
        return $subject;
    } else {
        return NULL;
    }
}

However, when I call the function thus in my content.php page :

$sel_subject = get_subject_by_id($sel_subj);

I get the following error:

DatabaSe query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1

Now, I know the error is being generated by the confirm_query function I have, and I know that if I comment out the above function call I don't get the error...so I believe I must have messed up in the SQL syntax (as per the error report). However, I've checked it all over and I can't see the problem. I've even copy pasted the text from the exercise file so I know it's correct. Any ideas?

I am using an up to date version of XAMP and the video was put together in 2007. Could it be a change of syntax? I've tried removing the LIMIT 1 call but I still get an error.

Thanks in advance.

 

LifeinAsia




msg:4536925
 7:17 pm on Jan 17, 2013 (gmt 0)

What do you see if you display the $query variable?

magnus911




msg:4536926
 7:19 pm on Jan 17, 2013 (gmt 0)

Forgive my ignorance - do you want me to echo it? Where, in the function or on the content.php page which calls it?

LifeinAsia




msg:4536937
 8:49 pm on Jan 17, 2013 (gmt 0)

Echo it so you can see exactly what is being passed to the DB. More often than not, the string being passed to the DB is actually somewhat different from what is meant to be passed. :)

swa66




msg:4537056
 7:40 am on Jan 18, 2013 (gmt 0)

The vast majority of tutorials out there blatantly ignore security issues - actually I've yet to see the first one that's not specifically teaching security to show the right way to do things.
So remember that you're likely being taught how to handle a gun without any gun safety instructions at all.

That said, using the mysql interface is obsolete, it is replaced by mysqli (note the i). When learning things, I'd consider skipping mysql and moving to mysqli immediately. That way you gain access to prepared statements and can solve security issues much more effectively than by trying to escape it all.
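
A prepared-statement version of the get_subject_by_id() function from the first post, along the lines of the mysqli advice above; this is an added example, not code posted by anyone in the thread. The connection credentials and the `$_GET['subj']` source of `$sel_subj` are assumptions, and the function takes the connection as a parameter instead of using a global.

```php
<?php
// Added example: get_subject_by_id() rewritten with a mysqli prepared statement.
// The table `subjects` and column `id` come from the thread; host, user,
// password and database name below are placeholders (assumptions).

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function get_subject_by_id(mysqli $connection, $subject_id)
{
    // Accept only a positive integer. With string concatenation, an empty
    // value would make the query read "WHERE id= LIMIT 1" (a syntax error),
    // and a crafted value would be executed as SQL.
    $id = filter_var(
        $subject_id,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null;
    }

    // The ? placeholder sends the value separately from the SQL text,
    // so it can never change the structure of the query.
    $stmt = $connection->prepare('SELECT * FROM subjects WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();

    // get_result() requires the mysqlnd driver.
    $result  = $stmt->get_result();
    $subject = $result->fetch_assoc(); // null when no row matches
    $stmt->close();

    return $subject;
}

// Usage (placeholder credentials; $_GET['subj'] is a hypothetical source).
$connection  = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$sel_subj    = $_GET['subj'] ?? null;
$sel_subject = get_subject_by_id($connection, $sel_subj);
```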

magnus911




msg:4537245
 8:10 pm on Jan 18, 2013 (gmt 0)

Thanks for the replies everyone. Turns out I had to wait for the next chapter to have the error explained - I needed another function for handling page titles.

Re mysqli - I'm going to take a look at that this afternoon, thanks for the update.
