...

View Full Version : Multiple WHERE



bubbles19518
09-25-2006, 06:10 AM
I have a query:

$sql = "SELECT * FROM notes WHERE uid='$_SESSION[uid]', class='$_GET[class]' ORDER BY time ASC LIMIT 10";
I want to get everything where the uid is equal to the session variable and the class is equal to the class var in the url... I have no idea whats wrong.

Fumigator
09-25-2006, 06:37 AM
Are you getting an error or just no rows? I don't think you can separate your WHERE clauses with a comma, I think you have to use the AND keyword. It's worth a shot anyway.

And, by the way:
This is wrong: $_GET[class]
This is right: $_GET['class']



$sql = "SELECT *
FROM notes
WHERE uid='".$_SESSION['uid']."'
AND class='".$_GET['class']."'
ORDER BY time ASC
LIMIT 10";

guelphdad
09-25-2006, 02:45 PM
You can't separate with a comma because the query has no idea that both conditions must be true. Use AND as suggested above.

Also you should look in the php manual on using mysql_real_escape_string for cleaning up both of your variables. DO NOT accept anything from a form or cookie etc. that you haven't cleaned first.

if you aren't familiar with it look into sql injection attacks and cross server scripting attacks and see the problems you can run into.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum