Forum Moderators: coopster & jatar k

Quick help with a function and mysql

     
7:08 pm on Jan 17, 2013 (gmt 0)

New User

joined:Jan 17, 2013
posts:3
votes: 0


Hi guys, I am new here and also new to PHP and I'm working my way through some online tutorials. I have a small problem with an error which is holding up my progress and I would like some help.

I have a content.php file and a functions.php file, which is included, in which I have defined the following function:

function get_subject_by_id($subject_id) {
    global $connection;
    $query = "SELECT * FROM subjects WHERE id=".$subject_id . " LIMIT 1";
    $result_set = mysql_query($query, $connection);
    confirm_query($result_set);

    if ($subject = mysql_fetch_array($result_set)) {
        return $subject;
    } else {
        return NULL;
    }
}

However, when I call the function thus in my content.php page :

$sel_subject = get_subject_by_id($sel_subj);

I get the following error:

DatabaSe query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1

Now, I know the error is being generated by the confirm_query function I have, and I know that if I comment out the above function call I don't get the error...so I believe I must have messed up in the SQL syntax (as per the error report). However, I've checked it all over and I can't see the problem. I've even copy pasted the text from the exercise file so I know it's correct. Any ideas?

I am using an up-to-date version of XAMPP and the video was put together in 2007. Could it be a change of syntax? I've tried removing the LIMIT 1 call but I still get an error.

Thanks in advance.
7:17 pm on Jan 17, 2013 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5616
votes: 44


What do you see if you display the $query variable?
7:19 pm on Jan 17, 2013 (gmt 0)

New User

joined:Jan 17, 2013
posts:3
votes: 0


Forgive my ignorance - do you want me to echo it? Where, in the function or on the content.php page which calls it?
8:49 pm on Jan 17, 2013 (gmt 0)

Moderator from US 

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 10, 2005
posts:5616
votes: 44


Echo it so you can see exactly what is being passed to the DB. More often than not, the string being passed to the DB is actually somewhat different from what is meant to be passed. :)
7:40 am on Jan 18, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


The vast majority of tutorials out there blatantly ignore security issues - actually I've yet to see the first one that's not specifically teaching security show the right way to do things.
So remember that you're likely being taught how to handle a gun without any gun safety instructions at all.

That said, using the mysql interface is obsolete; it is replaced by mysqli (note the i). When learning things, I'd consider skipping mysql and moving to mysqli immediately. That way you gain access to prepared statements and can solve security issues much more effectively than by trying to escape it all.
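
Added example (not part of any post in this thread, and not the tutorial's code): the same lookup written with a mysqli prepared statement, as suggested above. Concatenating an empty $subject_id into the original query yields "WHERE id= LIMIT 1", which MySQL rejects near 'LIMIT 1', and a non-numeric value would be executed as SQL; here the id is validated first and then bound as a parameter. The helper parse_subject_id() and the mysqli parameter on get_subject_by_id() are assumptions of this example, and get_result() requires the mysqlnd driver.

```php
<?php
// Added example: validate the id, then bind it instead of concatenating it.

// Make mysqli throw exceptions on failure instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: accept only a positive integer id.
 * Returns null for missing, empty or non-numeric input.
 */
function parse_subject_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch one row from subjects by id, or null if the id is invalid or not found.
 * The connection is passed in rather than read from a global.
 */
function get_subject_by_id(mysqli $connection, $raw_id): ?array
{
    $subject_id = parse_subject_id($raw_id);
    if ($subject_id === null) {
        return null; // no query is built from an empty or malformed id
    }

    // The ? placeholder is filled by the driver; the value never becomes SQL text.
    $stmt = $connection->prepare('SELECT * FROM subjects WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $subject_id);
    $stmt->execute();
    $subject = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $subject ?: null;
}

// Constructed inputs, run offline: a valid id, an empty string, a missing
// value, and a string that would alter the concatenated query.
foreach (['3', '', null, '1 OR 1=1'] as $raw) {
    var_dump(parse_subject_id($raw));
}
```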
8:10 pm on Jan 18, 2013 (gmt 0)

New User

joined:Jan 17, 2013
posts:3
votes: 0


Thanks for the replies everyone. Turns out I had to wait for the next chapter to have the error explained - I needed another function for handling page titles.

Re mysqli - I'm going to take a look at that this afternoon, thanks for the update.