|
Posted by starbuck on 10/20/05 01:03
Hi,
have a form, with a text input "fieldname".
method POST
$var = $_POST["fieldname"]
$var is then used to search in mysql
select * from table where jobtype like '$var%'
OR jobtype like '%$var%'
OR jobtype like '%$var'
OR jobtype like '$var' order by date asc;
basically i'm doing a search for any string that matches the searched
input, being at the beginning, middle or end of the jobtype column.
query works great, except when the string contains the 4-letter word
'info' such as information or informative
then the mysql query breaks down and give the usual:
Error performing query: You have an error in your SQL syntax. Check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'ORDER BY date ASC' at line 1
Now after much debugging, i found out that the php _POST variable
treats anything with info as a numner of 0 value.
inf is treated as text, nformation is treated as text, but anything
with info gets a 0 value.
Searched php.net and couldn't find anything related to this feature,
looked under security to see if it was related to that, but nothing.
Can anyone look into it and elaborate?
create a form, then echo the value of the $_POST variable
and try words that contain info in them.
thanks.
SBJ
[Back to original message]
|