Unknow Column

<?php require_once('../Connections/mysql.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
session_start();
$colname_friends = "-1";
if (isset($_SESSION['kt_login_user'])) {
$colname_friends = $_SESSION['kt_login_user'];
}

mysql_select_db("rubygir_slappyjaw");
if(!$mysql) {

echo 'Could not connect to the database.';
} else {

if(isset($_POST['queryString'])) {

if(strlen($queryString) >0) {

mysql_select_db($database_mysql, $mysql);
$query_friends = sprintf("SELECT * FROM friends WHERE (friend LIKE `{$queryString}` AND username = %s)", GetSQLValueString($colname_friends, "int"));
$friends = mysql_query($query_friends, $mysql) or die(mysql_error());
$row_friends = mysql_fetch_assoc($friends);
$totalRows_friends = mysql_num_rows($friends);
if($query = True) {
echo '<ul>';
while ($row_friends = $result) {
echo '<li onClick="fill(\''.$result['friend'].'\');">'.$result['friend'].'</li>';
}
echo '</ul>';

} else {
echo "We're sorry but you currently do not have any friends to message to.";
}
} else {
// do nothing
}
} else {
echo 'There should be no direct access to this script!';
}
}

mysql_free_result($friends);
?> For some reasion this script is returning a mysql error saying Unknown column '"ENTEREDVALUE"' in 'where clause'. this script allows users to select there friends from a ajax drop down list. Thank you for any help!:thumbsup:

well, sounds like ENTEREDVALUE doesnt exist in the database...

Dan

This is a Dreamweaver drag-and-drop thing, right? Isn't kt_login_user the username? If so, you've either dragged and dropped an incorrect field or mis-tweaked the query perhaps.

If you really mean to be querying using the username, then change the data type you're passing to GetSQLValueString from "int" to "text" (I think that's a valid type name).
);
$query_friends = sprintf("SELECT * FROM friends WHERE (friend LIKE `{$queryString}` AND username = %s)", GetSQLValueString($colname_friends, "text"));

Oh, that "ENTEREDVALUE" thing is probably part of an error message from GetSQLValueString that you're not catching. That's a drawback of drag-and-drop coding - you get extra junk tossed in and necessary tests missing.

EDIT: That being said, I guess it's no more of a drawback than sloppy hand-coding. The final quality really comes down to who's sitting behind the keyboard... or the mouse.