...

View Full Version : What's wrong with this php statement?



Thuita Maina
03-23-2013, 10:41 AM
What's wrong with this php statement?


$sql="SELECT Title, Post, Date FROM entries WHERE Title LIKE '%" . $name . "%' OR Post LIKE '%" . $name ."%' OR Date LIKE '%" . $name ."%'LIMIT $startResults, $resultsPerPage";

AndrewGSW
03-23-2013, 11:32 AM
What's wrong with this php statement?


$sql="SELECT Title, Post, Date FROM entries WHERE Title LIKE '%" . $name . "%' OR Post LIKE '%" . $name ."%' OR Date LIKE '%" . $name ."%'LIMIT $startResults, $resultsPerPage";
Date is a reserved word or, at least, not recommended as an identifier in most database systems. Surround it with back-ticks ` or square brackets, depending on which database you are using.

If Date is stored as some kind of date-value, rather than a string, then probably the format for it needs some work.

Fou-Lu
03-23-2013, 04:24 PM
Syntactically it is not wrong. Date is a reserved word, but it is classified as the exceptional reserved words, so you don't actually *need* to back tick it. It would be wise to do so, and even wiser to simply not use date as a property. You're wildcarding the start of a string as well, so you won't be able to benefit from the use of an index.

This also has nothing to do with PHP, and I'll assume mysql since you have a LIMIT there. Moving to mysql forum.

Old Pedant
03-24-2013, 05:15 AM
FouLu is assuming, which Andrew is not, that the database in use here is MySQL.

In some other database, DATE truly is reserved and cannot be used with the escaping that Andrew noted.

I do have to wonder how useful it is to do WHERE ... DATE LIKE '%$name%'...

What is the likelihood that a date will look anything at all like a name?

OH! IT JUST OCCURRED TO ME!!! *IF* your MySQL is set to treat WARNINGS the same as ERRORS, then indeed that *COULD* cause an error! Because that code *FORCES* MySQL to convert the DATE field into a VARCHAR field (it can't use LIKE with a DATE field). Normally, that will just get you a warning, that most of us will ignore. But if you are operating in very strict mode, that warning could be treated as an error.

You can, of course, then avoid the warning (and error if you are in strict mode) thusly:


WHERE ... CONVERT(`DATE`, CHAR) LIKE '%$name%' ...

That is, you explicitly tell MySQL that you WANT to convert the date to a string and it is much happier.

siyajoshi
04-02-2013, 07:34 AM
Hello friends,
These are:
$result = mysql_query("SELECT id FROM users where fbID=$userID");
if (mysql_num_rows($result) > 0) {
mysql_query("UPDATE users
SET firstName='$firstName'
, lastName='$lastName'
, facebookURL='$link'
, birthday='$birthday'
, update='$today'
, accessToken='$accessToken'
, parentEmailOne='$parentEmailOne'
, WHERE fbID='$userID'");
} else {
mysql_query("INSERT INTO users
(fbID, firstName, lastName, facebookURL, birthday
, updated, accessToken, parentEmailOne )
VALUES ('$userId', '$firstName', '$lastName', '$link', '$birthday'
, '$today', '$accessToken', '$parentEmailOne')");
}

Junsee
04-08-2013, 11:54 PM
What's wrong with this php statement?


$sql="SELECT Title, Post, Date FROM entries WHERE Title LIKE '%" . $name . "%' OR Post LIKE '%" . $name ."%' OR Date LIKE '%" . $name ."%'LIMIT $startResults, $resultsPerPage";

oooohh this is like pin the tail on the donkey...
erm no space before the LIMIT is my guess...



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum