  1. #1 mh8759 (SitePoint Addict)
    I have a table of categories, which has 2 columns, ID and Title.
    Using this statement I combine these two columns in one variable:

    $cat = $row['ID']. " " .$row['Title'];

    Then I send it through query string:

    echo("<TR><TD width=\"5%\"><center><font face=\"Arial\" size=2><a href='$PHP_SELF?delcat=$catid&catde=$cat'>".$row['ID']."</a></font></center></TD>");

    This is where I use it then:

    $delete_authors = "DELETE FROM authors WHERE category=$catde";
    mysql_query($delete_authors);

    My Category column in the authors table is also a combination of ID and Title (for example: 5 City News), so there shouldn't be any problem.
    But this is what I get as a result (let's say $catde=5 City News):

    You have an error in your SQL syntax near 'City News' at line 1

    This is really bugging me. I think there's something wrong in passing this text through the query string (this is how it looks in the query string: catde=5%20City%20News). Is this ok?

    Any suggestions?
    Thanks in advance
    Mare

  2. #2 Kevin Yank (SitePoint Author)
    First of all, you should encode your string before you pass it in the query string. This fixes special characters so they can be passed safely (for example, spaces are converted to %20).

    Next, you need to enclose the string in your MySQL query in quotes. You should also use addslashes() to escape quotes, which would interfere with the SQL code otherwise.

    Here's the corrected code:

    Code:
    $cat = urlencode($row['ID']. " " .$row['Title']);

    echo("<TR><TD width=\"5%\"><center><font face=\"Arial\" ".
    "size=2><a href='$PHP_SELF?delcat=$catid&catde=$cat'>".
    $row['ID']."</a></font></center></TD>");

    $catde = addslashes($catde);
    $delete_authors = "DELETE FROM authors WHERE category='$catde'";
    mysql_query($delete_authors);
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  3. #3 Dumb PHP codin' cat
    don't forget to urldecode($catde) on the other end before using it in the query
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  4. #4 mh8759 (SitePoint Addict)
    thank you both! I didn't know about these functions. They'll be very useful to me in the future. However, I've already modified my tables and everything and separated the columns ID and category Title in all my tables, and rewrote the code to make it more relational (I've used your article to do that, Kevin). Now I have CID and AID and everything works fine.

    thanks again
    Mare

  5. #5 Kevin Yank (SitePoint Author)
    urldecode() isn't actually required on the receiving end. The decoding of GET variables is done automatically by PHP. urldecode() need only be used if you want to decode a value that you have encoded earlier on in the same script.

  6. #6 jumpthru (SitePoint Wizard)
    Originally posted by kyank
    First of all, you should encode your string before you pass it in the query string. This fixes special characters so they can be passed safely (for example, spaces are converted to %20).

    Next, you need to enclose the string in your MySQL query in quotes. You should also use addslashes() to escape quotes, which would interfere with the SQL code otherwise.

    Here's the corrected code:

    Code:
    $cat = urlencode($row['ID']. " " .$row['Title']);

    echo("<TR><TD width=\"5%\"><center><font face=\"Arial\" ".
    "size=2><a href='$PHP_SELF?delcat=$catid&catde=$cat'>".
    $row['ID']."</a></font></center></TD>");

    $catde = addslashes($catde);
    $delete_authors = "DELETE FROM authors WHERE category='$catde'";
    mysql_query($delete_authors);
    Can you give an overview of addslashes() and its related functions? Thanks.

  7. #7 Anarchos (You talkin to me?)
    I suggest you learn to fend for yourself and use http://www.php.net

  8. #8 Kevin Yank (SitePoint Author)
    Code:
    $teststring = "This is a 'test string'.";

    $teststring = addslashes($teststring);

    // $teststring now contains: "This is a \'test string\'."
    // Now you can safely do:

    $result = mysql_query(
      "SELECT * FROM myTable WHERE content LIKE '%$teststring%'"
    );
    For more details, see: http://www.php.net/addslashes

    [Edited by kyank on 10-23-2000 at 09:59 AM]
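    The thread's fix (posts #2 and #8) is to URL-encode the value for the link, quote it in the SQL and escape it with addslashes(). The following is an added example, not code from the thread or from Kevin Yank, that does the same two jobs with the approach a practitioner would use today: rawurlencode()/htmlspecialchars() for the link, and a PDO prepared statement so the category string is sent as a bound parameter and never becomes part of the SQL text. The DSN, credentials, $_GET handling and the 'index.php' link target are assumptions for the example; the table and column names are the ones from the thread.

```php
<?php
// Added example (not from the thread). Assumes a MySQL database reachable
// with the placeholder DSN/credentials below and an `authors` table with a
// `category` column, as in the original post.
$pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4',
    'example_user', 'example_password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: data and SQL travel separately.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

// Build the category link. rawurlencode() turns "5 City News" into
// "5%20City%20News" (the form the thread shows); htmlspecialchars() then
// makes the whole href safe inside an HTML attribute.
function categoryLink(string $self, int $catId, string $cat): string
{
    $href = $self . '?delcat=' . rawurlencode((string) $catId)
          . '&catde=' . rawurlencode($cat);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars((string) $catId, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Delete the authors of one category. PHP has already URL-decoded
// $_GET['catde'] (post #5), so no urldecode() is needed. The value is bound
// as a parameter: quotes, backslashes or SQL keywords inside it are plain
// data, so the statement cannot change shape and no addslashes() is needed.
function deleteAuthorsInCategory(PDO $pdo, string $catde): int
{
    $stmt = $pdo->prepare('DELETE FROM authors WHERE category = :category');
    $stmt->execute([':category' => $catde]);
    return $stmt->rowCount();   // number of rows removed
}

if (isset($_GET['catde'])) {
    $deleted = deleteAuthorsInCategory($pdo, (string) $_GET['catde']);
    echo 'Deleted ' . $deleted . " author(s).\n";
}

// Emits: <a href="index.php?delcat=5&amp;catde=5%20City%20News">5</a>
echo categoryLink('index.php', 5, '5 City News'), "\n";
```

    Two design notes: binding the parameter replaces addslashes() rather than supplementing it, because escaping by hand depends on the connection's character set while a bound parameter is never interpreted as SQL at all; and since this handler deletes rows, a real application would trigger it from a POST form with an anti-CSRF token rather than from a plain GET link, so that merely following a link cannot remove data.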

  9. #9 jumpthru (SitePoint Wizard)
    Okay, thanks

