Posted by Malcolm Dew-Jones on 10/21/05 02:17

starbuck (sbj2k1@yahoo.com) wrote:
: Hi, thanks for replying with your findings, however the problem occurs
: when trying to search in the mysql statement.
: Below is a sample of my tests:

: $var = $_POST["textfield"];

: $testvar = $var + 2;

: echo $var;
: echo "<br>";
: echo $testvar;

: below is the output for different search keywords.
: word echo $var echo $testvar
: test test 2
: 45 45 47
: formation formation 2
: information information INF
: inf inf 2
: info info INF
: inforum inforum INF


: as you can see, anything that starts with info is converted to a
: different type or value,
: if it were kept as char the addition would've yielded 2 like all other
: char inputs.
: somehow mysql is treating this also as a different type which is why
: the queries fail.
: the echo of the post variable is displayed correctly, but the 'value'
: of it changes

: this is very weird and i haven't found ways to work around it, the only
: way to retrieve records
: with the string info in them is to search for nfo or inf
: but this isn't something that users of the site would think of doing.

You appear to be misunderstanding and misexplaining your problem.

The example above uses mathematical addition within a php expression to
combine a variable containing an arbitrary string with a constant number.

That shows nothing at all about what ever problem is occurring with mysql.

The results within php (shown above) depend a great deal on the contents
of that string. The exact result depends on the rules php uses when it
tries to intepret the string as part of a mathematical expression. You
need to read the php documentation in detail to learn all the various
factors that php uses when interpretting strings in numeric calculations.

You might wish to check exactly what query string you are sending to
mysql.

I always use the following idiom

$sql = "select whatever ...";

mysql_query($sql ...etc...

The point being that if you build the query as a standalone string then it
is trivial to add an echo to confirm what sql is being run without
accidently altering anything.

echo $sql;




--

This programmer available for rent.

• Next in forum: Re: php form info...
• Prev in forum: Re: $_GET empty with Apache and content negotiation
• Thread view: Re: php form info...

[Reply to this message]