Problem with SELECT statement

php select error

     

Ollie_3rd

11:02 pm on Jan 25, 2010 (gmt 0)




Can someone explain why this select statement returns the following error?

Fatal error: Call to undefined function SELECT * FROM smitty WHERE field_1 = 1111() in C:\xampp\htdocs\xampp\newcode\display.php on line 18

When I echo the value of $record I get 1111 but when I use it in the select statement I get 1111().

I am grabbing the value from another form.

CODE:

<?php

if (!($connection = @ mysql_connect("localhost", "root", "")))
die("Could not connect to database");

# GRAB THE VARIABLES FROM THE FORM
$record = $_POST['record'];

// Has a record number been provided?
if (empty($record))
die("You must provide a Record Number.");

// Retrieve details for editing
echo $record;
$query = "SELECT * FROM smitty WHERE field_1 = {$record}";

if (!$query("field_1", $connection)) // (THIS IS LINE 18)
die("Something is wrong.");

if (!($result = @ mysql_query($query, $connection)))
die("Something is wrong.");

rocknbil

3:19 am on Jan 26, 2010 (gmt 0)




You've built quite an interesting case here that's a combination of issues and conditions. :-)

I've never seen what you're doing on line 18, and it shouldn't be necessary.

The final solution, really, is in proper input filtering. PHP coders like to turn to a predefined function such as is_numeric(), like you have there with empty(), fair enough. But ZERO is also numeric, and you'd never (err . . . should never) have a unique record id of zero. So the fix:


if (isset($_POST['record']) and ($_POST['record'] > 0)) {
    // cast to int so only a number is interpolated into the query
    $record = (int) $_POST['record'];
    // note no need for empty check.
    // Retrieve details for editing
    $query = "SELECT * FROM smitty WHERE field_1=$record";
    // line 18 . . poof
    if (!($result = @mysql_query($query))) { die("Something is wrong."); }
    // do mysql_fetch_array, but since it's a SINGLE RECORD
    // don't do while, do IF
    if ($row=mysql_fetch_array($result)) {
        echo "found " . $row['name'];
    }
    else { echo "no record found"; }
}
else { echo "Request record_id is invalid, use a number"; }

I'd like to add, since you are querying a numeric field, you are correct to not quote $record. The reason for this is if it is quoted, like

$query = "SELECT * FROM smitty WHERE field_1='$record'";

If it's an invalid input (text or something) you'll get no results, or won't do an update, and you'll wonder why. This is prevented by the >0 check in my test, but it's something that's handy to know.
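
Added example, not part of the thread or either poster's code: the same single-record lookup with strict integer validation and a bound parameter, so the form value never becomes part of the SQL text. A loose `> 0` comparison is also true for a string that merely begins with a digit, which is why the check here uses `filter_var()`. Assumptions: PHP 7.1+ with the `pdo_sqlite` extension, PDO used in place of the thread's `mysql_*` calls, `parse_record_id()` and `find_record()` as hypothetical helper names, and constructed rows in an in-memory `smitty` table.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.1+ with pdo_sqlite;
// the in-memory table and its rows are constructed sample data.

// Hypothetical helper: accept only a string holding an integer >= 1.
function parse_record_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing field or array input (record[]=...)
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: fetch one row using a bound integer parameter.
function find_record(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM smitty WHERE field_1 = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // single record: if, not while
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smitty (field_1 INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO smitty VALUES (1111, 'first'), (2222, 'second')");

// Constructed inputs standing in for $_POST['record'].
$samples = ['1111', '0', '-5', 'abc', '1111 OR 1=1', '9999', ['1111']];
foreach ($samples as $raw) {
    $id = parse_record_id($raw);
    if ($id === null) {
        echo json_encode($raw), " => rejected before any query runs\n";
        continue;
    }
    $row = find_record($db, $id);
    echo json_encode($raw), ' => ',
        $row ? 'found ' . $row['name'] : 'no record found', "\n";
}
```
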

Ollie_3rd

4:57 pm on Jan 26, 2010 (gmt 0)




Thanks a lot for the help. I will let you know if I have any problems.

Ollie

 
