View Full Version : Query Issue: Letters in field result in Error

08-22-2006, 04:51 AM
Hello, I have a MYSQL problem I can't seem to figure out. It seems like something simple but alas I can not find the error.

I have a link which opens a new browser window. The link itself looks like this;

<a href=\"JavaScript:goVisitSite('http://www.website.com/view_product.php?iid=$row[0]')\">View Product Page</a>

$row[0] being the item's ID.

The page it opens has this query;

$query = ("SELECT * FROM product WHERE product.id = {$_GET['iid']}");
$result = @mysql_query ($query);
$row = @mysql_fetch_array ($result,MYSQL_BOTH);

This code works fine for items with numerical values (123456) but does not load data for items with letters in the ID (E12345).

If anyone can help me I would appreciate it very much.

08-22-2006, 05:46 AM
You would be getting helpful warning messages pointing you in the direction of the problem, but for some reason you are suppressing messages with your use of the "@" sign on your mysql_query() function and mysql_fetch_array() function. I can understand suppressing warnings in a production environment, but when you're trying to troubleshoot I can't imagine why you'd be using them.

Another critical bit of error handling you're missing is checking to see if the call to mysql_query() returns true or false.

$result = mysql_query ($query);
if (!$result) {
//do appropriate error handling here, such as display the $query variable, display mysql_error(), write to log, etc
} else {
$row = mysql_fetch_array($result);

To address your specific problem, any strings you inject into SQL syntax must be enclosed by quotes. Integers/floats don't need quotes; this is why numeric values worked for you and alphanumeric values didn't.

$query = ("SELECT * FROM product WHERE product.id = '{$_GET['iid']}'");

Kid Charming
08-22-2006, 05:51 PM
I wouldn't worry about suppressing those too much, especially in this case -- they're only helpful if your function fails on the php side, not if your query fails on the MySQL side. To get those errors, you need to use PHP's mysql_error() function.

08-22-2006, 06:03 PM
What is your column type? Is it char/varchar? if it isn't one of those two then the error would be because you are trying to insert a string into a numeric column.