Another way to write this line

Forum Moderators: coopster

Message Too Old, No Replies

Another way to write this line

dainstructor

7:59 pm on Jan 11, 2007 (gmt 0)

For some reason I am receiving an the following error message:"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1" Whenever I try to run the following line. I'm not sure as to why. I've run a line like this before sucessfully


$query_getResource = "SELECT EmpNo, FirstName, LastName FROM resources WHERE resources.EmpNo = " .$getAssignment['EmpNo'];

Does anyone have any ideas of how i could possibly rewrite this so that it would be acceptable?

willybfriendly

8:08 pm on Jan 11, 2007 (gmt 0)

echo $query_getResource and see what you are getting. That might provide a clue.

WBF

coopster

8:09 pm on Jan 11, 2007 (gmt 0)

Exactly. I'm certain it will return an empty value as that is the very message that is returned on a query with that syntax.

$getAssignment['EmpNo']

is empty.

dainstructor

9:18 pm on Jan 11, 2007 (gmt 0)

Thanks for the suggestions. Still having a bit of trouble however.

I'm only able to echo the value once I remove the variable .$getAssignment['EmpNo'].

So now the code looks like:

$query_getProject ="SELECT ProjectID, ProjectName FROM projects"

This of course will return a string of "SELECT ProjectID, ProjectName FROM projects" if I echo it, but it doesn't complete the SQL I need. In order to complete the query, I need to be able to set the WHERE clause based on this php variable.

Any other suggestions?

cmarshall

9:25 pm on Jan 11, 2007 (gmt 0)

$query_getResource = "SELECT EmpNo, FirstName, LastName FROM resources WHERE resources.EmpNo = " .$getAssignment['EmpNo'];

SECURITY ADVISORY [securityfocus.com]:

Get in the habit of doing this:

$query_getResource = "SELECT EmpNo, FirstName, LastName FROM resources WHERE resources.EmpNo = '" .mysql_real_escape_string($getAssignment['EmpNo'])."'";

Note that I stuck an extra single quote on either side of the variable. That may help.

dainstructor

10:02 pm on Jan 11, 2007 (gmt 0)

Success Alas!

Thanks cmarshall and everyone else
Cheers!

coopster

12:22 am on Jan 12, 2007 (gmt 0)

Note that I stuck an extra single quote on either side of the variable.

That's what I get for assuming the EmpNo field was actually numeric and did not require quotation marks surrounding the value! Nice catch.

cmarshall

2:11 am on Jan 12, 2007 (gmt 0)

Nice catch.

Actually, that's the voice of experience.

Good judgment comes from experience. Experience comes from bad judgment.