473,385 Members | 1,813 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > dynamic sql built in a php form - problem with character values

Join Bytes to post your question to a community of 473,385 software developers and data experts.

dynamic SQL built in a PHP form - problem with character values

40
I have a multi-field search PHP page, and the resulting PHP page builds dynamic WHERE statements to do the database search. The first field is numeric, and works:
Expand|Select|Wrap|Line Numbers
  1. $facility = $_REQUEST['fac_id'];
  2. if ($facility != '') {
  3. echo "Facility: ".$facility." ";
  4. $where .= ' AND fac_id='.$facility.'';
  5. }
  6.  
This code builds SQL that looks like this:
SELECT fac_id, room_descr, person_type, severity FROM incidents WHERE 1=1 AND fac_id=000852 ORDER BY fac_id, room_descr, person_type, severity.
But when the field is character, this same code does not work:
Expand|Select|Wrap|Line Numbers
  1. $persontype = $_REQUEST['person_type'];
  2. if ($persontype != '') {
  3. echo "Persontype: ".$persontype. " ";
  4. $where .= ' AND person_type ='.$persontype.'';
  5. }
  6.  
This produces the following SQL:
SELECT fac_id, room_descr, person_type, severity FROM incidents WHERE 1=1 AND person_type =Outpatient ORDER BY fac_id, room_descr, person_type, severity
And gives the error:
Error: Unknown column 'Outpatient' in 'where clause'.
If I copy the SQL produced and add quotes around Outpatient it runs fine in phpmyadmin.

How do I add single quotes to the person_type field?

TIA,

jej1216
Jun 5 '07 #1
2 1476
jej1216
40
I got it.

Expand|Select|Wrap|Line Numbers
  1. $persontype = $_REQUEST['person_type'];
  2. if ($persontype != '') {
  3. echo "Persontype: ".$persontype. " ";
  4. $where .= " AND person_type ='".$persontype."'";
  5. }
  6.  
I knew it was a small thing.

jej1216
Jun 5 '07 #2
pbmods
5,821 Expert 4TB
Good thinking.

One thing I must caution you about, though: What if $_REQUEST['person_type'] were "'\cDROP TABLE `incidents`"?

http://us2.php.net/addslashes
Jun 5 '07 #3

Sign in to post your reply or Sign up for a free account.

Similar topics

10
dynamic form values
by: Dave Karmens | last post by:
If I have say 10 fixed variables, how can I set their values = to that of a form that is built dynamically? column1 column2 email = formvalue(0) fname = formvalue(1) lname = formvalue(2)...
ASP / Active Server Pages
7
Error in dynamic sql: Data type mismatch in criteria
by: Jack | last post by:
Hi, I am trying to test a sql statement in Access which gives me the error as stated in the heading. The sql statement is built as a part of asp login verification, where the userid and password...
ASP / Active Server Pages
1
Dynamic Crosstab Report
by: Nathan Bloomfield | last post by:
Does anyone know if there is any documentation which relates to Access2k + ? or can anyone help adjust the code? I am having trouble converting the DAO references. TITLE :INF: How to...
Microsoft Access / VBA
3
Dynamic Controls on a Multi-Step Form
by: Leo J. Hart IV | last post by:
OK, here's another question for the experts: I am building a multi-step (3 steps actually) form using a panel for each step and hiding/displaying the appropriate panel/panels depending on which...
ASP.NET
0
Dynamic input form suggestions needed
by: MattB | last post by:
Hi. I'm on my second redesign of a dynamic form I need to create and I'm looking for good examples and/or suggestions. I have a web application that is being distributed to different clients of...
ASP.NET
2
Dynamic Crosstab...SOS
by: deejayquai | last post by:
Hi I'm trying to produce a report based on a dynamic crosstab. Ultimately i'd like the report to actually become a sub report within a student end of year record of achievement. The dynamic...
Microsoft Access / VBA
15
Pop up window problem with dynamic textboxes and query string
by: Kapil Jain | last post by:
Dear All, What i need to achieve is : I am generating dynamic text boxes thru dhtml coding, i need onChange event of oragnistation text box i.e dynamically generated on click of "More" button in...
Javascript
5
getting 'options' is null or not an object using autoComplete with dynamic dataset
by: jdzemke | last post by:
I am getting 'options' is null or not an object using when using a dynamic dataset with a dropdown list in an html form. I am filling-in a text field and filtering the values in the drop-down. ...
Javascript
2
Storing dynamic form values in Arrays for display & insert
by: assgar | last post by:
Hi Developemnt on win2003 server. Final server will be linux Apache,Mysql and PHP is being used. I use 2 scripts(form and process). The form displays multiple dynamic rows with chechboxs,...
PHP
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!