Welcome to WebmasterWorld Guest from 54.159.250.110

Forum Moderators: open

Message Too Old, No Replies

using a variable name in a procedure

like "variable%"

   
8:14 pm on Dec 25, 2011 (gmt 0)

5+ Year Member



I am working on a small library application. I have a bit of code in php that feeds a variable to an SQL routine. I want to move this bit of insecure PHP code to an SQL procedure.

right now the procedure looks like this:

Delimiter ~~~

create procedure findwriter (in thread varchar(25))
begin
select books.title as title,
concat(authors.efname,' ',authors.elname) as scribe
,books.book_id as id, Topics.topic as subject from books
inner join bookswritten using(book_id)
inner join authors using(writer_id)
inner join Topics using(Topic_id) where authors.elname like
"thread%" group by books.title order by authors.elname,
books.title;
end;

~~~
delimiter ;


when I feed in a name to the procedure, I get an error that it doesnt' recognize the string in my field list.

This incarnation worked well in PHP

Thanks
11:20 pm on Dec 25, 2011 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



"thread%" group by books.title order by authors.elname,


Does MySQL support variable parsing? Maybe you need to use CONCAT() to append the "%"?
4:42 am on Dec 26, 2011 (gmt 0)

5+ Year Member



It is parsing it, but it seems to be treating it like a table header
9:02 am on Dec 26, 2011 (gmt 0)

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



...