Posted by Malcolm Dew-Jones on 10/21/05 20:34

starbuck (sbj2k1@yahoo.com) wrote:
: the problem with mysql is that the where condition being matched to a
: value that doesn't exist.
: the reason why it doesn't exist is because php changes the value from
: what it should be.
: a value pass in the $_POST variable, that starts with the string 'info'
: is being misinterpreted by php
: and therefore passed to mysql as that misinterpreted value.

: 1, input a value in the search box; name of form element is textfield
: 2. assign value of textfield to a local variable via $localvar =
: $_POST{"textfield"];
: 3. use local variable as where condition of mysql statement:
: select * from table where column like '%$localvar%';

: any value you use in the original search box works all the way, whether
: it exists on the mysql table or not
: it retains the value that it's supposed to.
: however if the value begins with info it will break the mysql statement
: and result in a syntax error.
: now what's so special about info?

: the numerical calculations above were to determine the real value,
: whatever it may be for the string passed.
: numbers remain numbers, strings appear to be given a value of 0,
: however a string that starts with info
: is given an INF or infinite value it seems.

Mysql receives a string, and you haven't examined that string. The
problem has nothing to do with mysql, and everything to do with how you
build the query string.

You don't include any code that illustrates the problem so there is
nothing that can be done help fix it.

My example code did not reproduce your problem.


$var = 'm';
$sql = "select * from Contacts where owner like '%$var%'";
echo "$sql \n";

$sth = mysql_query($sql, $dbh) or die(mysql_error());
while($row = mysql_fetch_array($sth))
{
echo $row['owner'];

}

$var = 'info';
$sql = "select * from Contacts where owner like '%$var%'";
echo "$sql \n";

$sth = mysql_query($sql, $dbh) or die(mysql_error());
while($row = mysql_fetch_array($sth))
{
echo $row['owner'];

}


Both code samples worked just fine against one of my databases.

--

This programmer available for rent.

[Back to original message]