SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict
    Join Date
    Jul 2013
    Location
    South of the equator, then turn left
    Posts
    365
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Query driving me nuts

    Hi all,

    I have a query which retrieves information from 2 tables. My WHERE statement receives its value from a URL on another page:

    WHERE fname = '$name' ";

    Instead of using a primary key (e.g., name_id = 1) in my query and URL, I've used another column's name – fname, in order to make the URL easier to read. The problem however, is that by using a column that's not a primary key, I'm unable to a access the specific rows in my “child” table (primary - foreign key relationship).

    So, should I rather use 2 key-value pairs in my query and URL, instead of what I'm currently doing?
    WHERE fname = '$name' && name_id='$nameid'”;

    Or is there a simpler way or perhaps I'm missing something?

    Please let me know.

    Thanks in advance!

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,341
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    no idea if there's a simpler way, as you haven't really shown us your table layouts

    but yes, using two WHERE conditions will solve it

    p.s. don't use &&, use AND instead
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    SitePoint Addict
    Join Date
    Jul 2013
    Location
    South of the equator, then turn left
    Posts
    365
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Rudy,

    thank you for your help.


    I think I solved the problem by adding USING (column name) to the query.

  4. #4
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,077
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by RedBishop View Post
    I have a query which retrieves information from 2 tables. My WHERE statement receives its value from a URL on another page:
    Is the value being sanitized? if it isn't you leave your app vulnerable to an SQL Injection attack. This page from the PHP Manual explains what an SQL Injection Attack is.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  5. #5
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,341
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by RedBishop View Post
    I think I solved the problem by adding USING (column name) to the query.
    please show your actual query
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •