Ask a question

Popular technologies

PHP x 42333
Laravel x 7025
Yii x 238
CodeIgniter x 704
Symfony x 1006
CakePHP x 144
Zend Framework x 17
Phalcon x 29
FuelPHP x 2
Slim x 42
JavaScript x 4234
React x 147
Angular x 74
Vue.js x 41
JQuery x 598
Node.js x 72
MySQL x 2803
CSS x 292
Bootstrap x 173
Foundation x 12
Animate.css x 1
HTML x 2152

Latest questions:

786 php - Laravel 9 - implode() and whereIn
212 php - what's the meaning of the result of var_dump (object)?
879 php - Unauthenticated in Laravel Passport while fetching data
522 php - How to get ID of the first table in a join table
380 guzzle - Where is the get() function in PHP GuzzleHttp?
156 javascript - Timekeeping System: Plot schedule for time in and time out frame within the same day is not working
113 php - Walker_Nav_Menu() for top level links only
160 php - I keep getting unidentified varible $data
372 php - How to catch Oracle db error in Codeignitor 3
811 php - how can i find this html file in WordPress project
  1. Home
  2. PHP MySQL Adjusting Query with QueryString
68 votes
2 answers

PHP MySQL Adjusting Query with QueryString

Get the solution ↓↓↓

Apologies for the newbie question.

My website has a form.

<form action='' method='get'>
<select id="cSelector" name="cSelector">
    <option value=""></option>
    <option value="">Show All Items</option>
    <option value="Compensation">Compensation</option>
</select>
  <input type="submit" value="Submit">  

</form>

My querystring, created on form submission, looks like this:

http://website.com/table_example.php?cSelector=Compensation

My query looks like this:

$stmt = $conn->prepare("
SELECT t1.CategoryID,t1.SubCategoryName, t1.CategoryName, t1.SubCategoryID, t2.ItemText from
    (SELECT Category.CategoryID,CategoryName, SubCategoryName, SubCategoryID
    FROM Category
    JOIN SubCategory
    ON Category.CategoryID = SubCategory.CategoryID) t1
RIGHT JOIN  
    (SELECT SubCategoryID, ItemText FROM Item) t2
ON (t1.SubCategoryID = t2.SubCategoryID)
WHERE 1 ".$searchQuery." AND CategoryName = ".$search2." ORDER BY ".$columnName." ".$columnSortOrder." LIMIT :limit,:offset");

The intended result produces a table queried by CategoryName.

My question. Why does this properly execute?

$search2='Compensation';

And this does not?

$search2 = "'".$_GET['cSelector']."'";

Any help would be very much appreciated. And thank you!

371
votes

Answer

Solution:

You're submitting this form viaGET

<form action='' method='get'>

Your line though$search2 = "'".$_POST['cSelector']."'"; is using$_POST

It should be$_GET instead:

$search2 = "'" . $_GET['cSelector'] . "'";`

AFTER OP's CHANGES

This

$search2='Compensation';

and

$search2 = "'".$_GET['cSelector']."'";

are not the same. The top is just a string value. The bottom is a string value wrapped in quotes, so it isn'tCompensation it is'Compensation'.

655
votes

Answer

Solution:

The core of the issue is actually that you're not exactly sure what the query is. If the two strings sent were identical, they would both run, but they're not. Somehow.

The real need is visibility into your query. So something like

$strQuery = "SELECT t1.CategoryID,t1......";
echo "<pre>$strQuery</pre>";
$stmt = $conn->prepare($strQuery)

Now you can see what it's doing. You're operating blind as it is.

Two additional notes:

  1. You'll hear from everyone that it's a bad idea to put paramaters you're getting from a get or post straight into a SQL query. They're not wrong.
  2. String building for these things is always easier if you're a little more verbose about it. Grab the variable first, as you're going to want to do some processing on it anyway, trimming whitespace, protecting against quotes, etc. Then put it in your query string

Source

Share

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Similar questions

Find the answer in similar questions on our website.

600 php - What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
855 php - Woocommerce - pagination on product reviews does not work with a custom query
701 php - Retrieve Postmeta in Custom WordPress Query
784 php - MySQL Monitoring Notificaation System
368 php - jQuery If checkbox in foreach loop is checked, include checkboxes and input values within that loop
864 IF infant missed the now() date schedule then he we will get the show next date schedule php mysql
396 php - i can't update MYSQL database record using HTML form even i get updated successfully
533 laravel - .Blade.php page doesn't work with localhost but with php artisan server it's work
412 I want to alter column name dynamic in existing table using php and mysql
83 Don't want to Include certain rows in excel when I'm importing it to mysql using PHP

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.




About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/


MySQL

DBMS is a database management system. It is designed to change, search, add and delete information in the database. There are many DBMSs designed for similar purposes with different features. One of the most popular is MySQL. It is a software tool designed to work with relational SQL databases. It is easy to learn even for site owners who are not professional programmers or administrators. MySQL DBMS also allows you to export and import data, which is convenient when moving large amounts of information.
https://www.mysql.com/

Welcome to webdevask.com

Welcome to webdevask.com

Welcome to the Q&A site for web developers. Here you can ask a question about the problem you are facing and get answers from other experts. We have created a user-friendly interface so that you can quickly and free of charge ask a question about a web programming problem. We also invite other experts to join our community and help other members who ask questions. In addition, you can use our search for questions with a solution.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.

© 2022 webdevask.com