I have a silly problem with SELECT that won’t go away – PHP

  php

Q(Question):

Hi,

I am stuck again over something silly that I can not resolve.

I am using a link to create a dynamic page.

the link is itself written from the same same table that the dynamic page is written from, so the data must be ok (or the link wouldn’t be there )

Anyway the link is :
<a href="expert_disp.php?a=Dave" > &nbsp; Dave Casey </a>

(thats from the source )

Clicking on it runs expert_disp.php:

/*
* expert_disp.php
*
*/
@session_start();
$page="start";
require_once("my_functions.php");
if (@$_SESSION['auth'] == "yes" ){
require_once("mem_head.php");
} // end if
else {
require_once("a_head.php");
} // end if
$expert = safe_sql($_GET["a"]);
echo "Expert: $expert";
$sql = "SELECT * FROM `clients`
WHERE user_id = 'Fred' ";
$result = mysql_query($sql) or die("could not execute FIND MEMBER query". mysql_error() );
$row = mysql_fetch_array($result, MYSQL_ASSOC);
extract($row);

Now that echo displays :
Expert: Dave

and then I get an error:
could not execute FIND EXPERT query Unknown column ‘Dave’ in ‘where clause’

Now the table has user_id as its Primary Key so why am I getting this error ?
I am not looking in a column Dave but in user_id.

Can anyone help ?
Have mis coded this simple query ?

A(Answer):

Hi.

The query you posted cant really be causing this error. There are no variables in it. The only value, ‘Fred’, is hard-coded into it.

So there must be some other explanation for this error. Something that isn’t in the code you just posted.

Could something in the "my_functions.php", "mem_head.php" or "a_head.php" files be causing this?
Or possibly in the safe_sql() function?

A(Answer):

That’s strange; it says you’re looking for a column named Dave, but in your query I don’t see that. I’m guessing you must’ve edited to code, maybe?

A(Answer):

Thanks for looking into this.

I have taken out that safe_sql() in case it was effecting things.

I have deleted the query line completely and re-typed it.

But no change – still this funny error 🙁

Here is my new code:

@session_start();
$page="start";
require_once("my_functions.php");
if (@$_SESSION['auth'] == "yes" ){
require_once("mem_head.php");
} // end if
else {
require_once("a_head.php");
} // end if
$expert = $_GET["a"];
echo "Expert: $expert";
$sql = "select * from clients where user_id = $expert";
$result = mysql_query($sql) or die("could not execute FIND MEMBER query". mysql_error() );
$row = mysql_fetch_array($result, MYSQL_ASSOC);
extract($row);

My database table set up is like this:

$sql = "CREATE TABLE `clients` (
`confirm` char(1) NOT NULL default '',
`type` char(1) NOT NULL default '',
`user_id` varchar(25) NOT NULL default '',
`page` varchar(25) NOT NULL default '',
`profile` text NOT NULL default '',
`blog` text NOT NULL default '',
`lig_pos` int(3) default '0',
`contact` varchar(25) NOT NULL default '',
`sc_name` varchar(25) NOT NULL default '',
`email` varchar(40) NOT NULL default '',
`pass` varchar(255) NOT NULL default '',
`ref_count` int(3) default '0',
`create_date` int(12) default NULL,
`last_date` int(12) default NULL,
`refd_by_name` varchar(25) NOT NULL default '',
`refd_by_email` varchar(40) NOT NULL default '',
`vote_count` int(3) default '0',
`vid_count` int(3) default '0',
`art_count` int(3) default '0',
`free_prod` int(3) default '0',
`sell_prod` int(3) default '0',
KEY `lig_pos` (`lig_pos`),
KEY `email` (`email`),
PRIMARY KEY (user_id)
) ENGINE=MyISAM DEFAULT CHARSET=latin1";

Notice that user_id is NOT numeric but a string.

So whats the problem ???

A(Answer):

OK

Its solved !!

I was missing single quotes from this expression:

$sql = "SELECT prod_id,prod_name FROM `products` WHERE user_id = $expert";

it must be

$sql = "SELECT prod_id,prod_name FROM `products` WHERE user_id = ‘$expert’ ";

Thank you very much for your help.

A(Answer):

@jeddiki

Remember to post the correct markup. Your first post had absolutely nothing wrong with it, but that wasn’t the code that was causing the error. Please remember this in future.

Markus.

A(Answer):

@jeddiki

Glad to hear it :]

LEAVE A COMMENT