Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Unknown column '' in 'where clause'

    This is the code I am having the problem with -

    PHP Code:
    $strSql "SELECT * FROM guard WHERE homeworld= "$_GET['homeworld'];
    $rs mysql_query($strSql) or die(mysql_error()); 
    The contents of the homeworld column is showing in the address bar but I am still getting the error. If I change homeworld to id in all instances then it works. Or if I change
    PHP Code:
    $_GET['homeworld'
    to the name of the homeworld it works.
    Last edited by Foster; 09-23-2013 at 02:55 PM.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    The contents of the homeworld column is showing in the address bar but I am still getting the error. If I change homeworld to id in all instances then it works.
    You should add quotes to wrap all string data, when used in queries.
    PHP Code:
    $strSql "SELECT * FROM guard WHERE homeworld= '{$_GET['homeworld']}'"
    Or
    PHP Code:
    $strSql "SELECT * FROM guard WHERE homeworld= '".$_GET['homeworld']."'"
    Last edited by abduraooft; 09-23-2013 at 03:11 PM.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by abduraooft View Post
    Or
    PHP Code:
    $strSql "SELECT * FROM guard WHERE homeworld= '".$_GET['homeworld']."'"
    This one worked which is weird cos I'm sure I tried it.

    I'm also having problems with a textarea and inverted commas causing a problem on input, anything you could help with?

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Quote Originally Posted by Foster View Post
    I'm also having problems with a textarea and inverted commas causing a problem on input, anything you could help with?
    Please explain a little more, with example.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    On my site there are text boxes for people to put details in. If they type something along the lines of
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep.
    it will give a syntax error near
    't let you sleep.

  • #6
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,586
    Thanks
    78
    Thanked 4,385 Times in 4,350 Posts
    Those aren't "inverted commas". Those are APOSTROPHES.

    And if you think about it for one minute you will see why they have to be handled properly.

    Say your query is
    Code:
    INSERT INTO table (phrase) VALUES('They don't let you sleep')
    Where does the quoted string in that begin? Where does it end?

    Obvious answer: It begins at the first apostrophe and ends at the matching one.

    Okay, but which one matches?

    Answer: Like this...
    Code:
    INSERT INTO table (phrase) VALUES('They don't let you sleep')
    Oops, that's clearly not what you wanted.

    So how do you tell MySQL how to handle an EMBEDDED apostrophe?

    Answer: SAME WAY you do it in PHP code!!!
    Code:
    INSERT INTO table (phrase) VALUES('They don\'t let you sleep')
    To embed an apostrophe in either PHP or MySQL, just use \'
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #7
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    That was my assumption, however I don't know where to put the \ in my php code.

    This is the code it needs to go in.

    PHP Code:
    $insert mysql_query("insert into `marine` values ('NULL', '".$_POST['founding']."', '".$_POST['Background']."', '".$_POST['HistoricalFigures']."', '".$_POST['campaigns']."', '".$_FILES['file']['name']."')")
    or die(
    "Could not insert data because ".mysql_error()); 
    Last edited by Foster; 09-23-2013 at 08:26 PM.

  • #8
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,586
    Thanks
    78
    Thanked 4,385 Times in 4,350 Posts
    Use mysql_real_escape_string and it does it all for you.
    Code:
    $sql = "insert into marine 
            values ('NULL', '" . mysql_real_escape_string($_POST['founding']) ."','"
            . mysql_real_escape_string($_POST['Background']) ."','"
            . mysql_real_escape_string($_POST['HistoricalFigures']) . "','"
            . mysql_real_escape_string($_POST['campaigns']) . "','"
            . mysql_real_escape_string($_FILES['file']['name']) . "')";
    Last edited by Old Pedant; 09-23-2013 at 09:14 PM.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #9
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    I did try that but I put mysql_real_escape_string in the wrong place. Thank you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •