|
|
Posted by starbuck on 10/21/05 06:17
the problem with mysql is that the where condition being matched to a
value that doesn't exist.
the reason why it doesn't exist is because php changes the value from
what it should be.
a value pass in the $_POST variable, that starts with the string 'info'
is being misinterpreted by php
and therefore passed to mysql as that misinterpreted value.
1, input a value in the search box; name of form element is textfield
2. assign value of textfield to a local variable via $localvar =
$_POST{"textfield"];
3. use local variable as where condition of mysql statement:
select * from table where column like '%$localvar%';
any value you use in the original search box works all the way, whether
it exists on the mysql table or not
it retains the value that it's supposed to.
however if the value begins with info it will break the mysql statement
and result in a syntax error.
now what's so special about info?
the numerical calculations above were to determine the real value,
whatever it may be for the string passed.
numbers remain numbers, strings appear to be given a value of 0,
however a string that starts with info
is given an INF or infinite value it seems.
Navigation:
[Reply to this message]
|