|
|
Posted by Rami Elomaa on 03/20/07 09:47
pradeep kirjoitti:
> Hi,
>
> I have a problem in PHP about Query of concating.
> Please, guide me
>
> 1: test.sql is dump file
>
> -- PHP Version: 4.4.2
> --
> -- Database: `pradeep`
> --
>
> -- --------------------------------------------------------
>
> --
> -- Table structure for table `test`
> --
>
> CREATE TABLE `test` (
> `id` int(11) NOT NULL,
> `fullname` varchar(50) NOT NULL,
> PRIMARY KEY (`id`)
> ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
>
> --
> -- Dumping data for table `test`
> --
>
> INSERT INTO `test` (`id`, `fullname`) VALUES (1, 'ankur patil'),
> (2, 'avinash chaudhary'),
> (3, 'raju za'),
> (4, 'tanmay wagh');
>
>
> 2:bkslash.html
>
> <html>
> <body>
> <form action=bkslash2.php method=post>
> <input type="text" name="input1">
> <select name=fields>
> <option value='id'>id</option>
> <option value=concat(concat(Fullname,','),id)>Fullname & Id</option>
> </select>
> <input type=submit >
> </form>
> </body>
> </html>
>
>
> 3:bkslash2.php
> <?php
>
> mysql_connect("localhost","proex")or die("Database Failed");
> mysql_select_db("pradeep")or die("Failed to Connect Database");
>
>
> $str="select fullname from test where ".$_REQUEST['fields']." like '%".
> $_REQUEST['input1']."%'";
> echo $str;
> $res=mysql_query($str) or die("resultset error");
> $row=mysql_fetch_row($res);
>
> echo "<br>result<hr>";
> print_r($row);
>
>
> ?>
>
>
>
>
>
> here, in output, if i enter any value (let 3) in text box & in combo
> box
> select Fullname & id then it gives me resultant error
> & Query becomes
> select fullname from test where concat(concat(Fullname,\',\'),id) like
> '%3%'
>
> so, how i get right output ?
>
> Please, guide me.
>
stripslashes($_REQUEST['fields']);
--
Rami.Elomaa@gmail.com
"Olemme apinoiden planeetalla."
Navigation:
[Reply to this message]
|