
Quick help with a function and mysql

     
7:08 pm on Jan 17, 2013 (gmt 0)



Hi guys, I am new here and also new to PHP and I'm working my way through some online tutorials. I have a small problem with an error which is holding up my progress and I would like some help.

I have a content.php file and a functions.php file, which is included, in which I have defined the following function:

function get_subject_by_id($subject_id) {
    global $connection;
    $query = "SELECT * FROM subjects WHERE id=".$subject_id . " LIMIT 1";
    $result_set = mysql_query($query, $connection);
    confirm_query($result_set);

    if ($subject = mysql_fetch_array($result_set)) {
        return $subject;
    } else {
        return NULL;
    }
}

However, when I call the function thus in my content.php page:

$sel_subject = get_subject_by_id($sel_subj);

I get the following error:

DatabaSe query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1

Now, I know the error is being generated by the confirm_query function I have, and I know that if I comment out the above function call I don't get the error...so I believe I must have messed up in the SQL syntax (as per the error report). However, I've checked it all over and I can't see the problem. I've even copy pasted the text from the exercise file so I know it's correct. Any ideas?

I am using an up-to-date version of XAMPP and the video was put together in 2007. Could it be a change of syntax? I've tried removing the LIMIT 1 call but I still get an error.

Thanks in advance.
7:17 pm on Jan 17, 2013 (gmt 0)

lifeinasia (WebmasterWorld Administrator)



What do you see if you display the $query variable?
7:19 pm on Jan 17, 2013 (gmt 0)



Forgive my ignorance - do you want me to echo it? Where, in the function or on the content.php page which calls it?
8:49 pm on Jan 17, 2013 (gmt 0)

lifeinasia (WebmasterWorld Administrator)



Echo it so you can see exactly what is being passed to the DB. More often than not, the string being passed to the DB is actually somewhat different from what is meant to be passed. :)
7:40 am on Jan 18, 2013 (gmt 0)

swa66 (WebmasterWorld Senior Member)



The vast majority of tutorials out there blatantly ignore security issues - actually I've yet to see the first one that's not specifically teaching security to show the right way to do things.
So remember that you're likely being taught how to handle a gun without any gun safety instructions at all.

That said, using the mysql interface is obsolete; it is replaced by mysqli (note the i). When learning things, I'd consider skipping mysql and moving to mysqli immediately. That way you gain access to prepared statements and can solve security issues much more effectively than by trying to escape it all.
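
The prepared-statement approach recommended above, applied to the get_subject_by_id() function from the first post. This is an added example, not code from the thread or the tutorial; only the subjects table and its id column come from the post, while the connection parameters and the `subj` request parameter are placeholders.

```php
<?php
// Added example: not the tutorial's or the poster's code.
// Assumes a `subjects` table with an integer `id` column, as in the thread.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Fetch one subject row by id, or null if the id is invalid or not found.
 */
function get_subject_by_id(mysqli $connection, $subject_id)
{
    // Reject empty or non-numeric input before it reaches the database.
    // With string concatenation, an empty value yields
    // "WHERE id= LIMIT 1", which is a syntax error near 'LIMIT 1'.
    $id = filter_var($subject_id, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }

    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $connection->prepare('SELECT * FROM subjects WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();

    $result  = $stmt->get_result();   // requires the mysqlnd driver
    $subject = $result->fetch_assoc();
    $stmt->close();

    return $subject ?: null;          // no matching row -> null
}

// Usage. Host, user, password and database name are placeholders.
$connection = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$connection->set_charset('utf8');

// 'subj' is a hypothetical request parameter name.
$sel_subj    = isset($_GET['subj']) ? $_GET['subj'] : '';
$sel_subject = get_subject_by_id($connection, $sel_subj);

if ($sel_subject === null) {
    echo "No subject selected or subject not found.\n";
} else {
    echo "Loaded subject id " . (int) $sel_subject['id'] . "\n";
}
```

Because the value is bound as an integer parameter, a missing or malformed id returns null and never changes the query text.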
8:10 pm on Jan 18, 2013 (gmt 0)



Thanks for the replies everyone. Turns out I had to wait for the next chapter to have the error explained - I needed another function for handling page titles.

Re mysqli - I'm going to take a look at that this afternoon, thanks for the update.
 
