-2
A)$getDetails = mysql_query("SELECT * FROM `OnlineRequests` WHERE `OSR_CODE`='".$code."'");

B)$getDetails = mysql_query("SELECT * FROM `OnlineRequests` WHERE `OSR_CODE`='oooqhqxrcglm3jn6xd2lseq43nb3cq'");

It's PHP. B works but A doesn't. WHY? Syntax error? I feel like I've tried everything possible...

Ishikawa
  • 177
  • 2
  • 12
  • what's the error being thrown? – John Woo Nov 12 '12 at 01:05
  • Lack of database escaping? Did you check `mysql_error()`? – mario Nov 12 '12 at 01:05
  • possible duplicate of [Best way to prevent SQL injection?](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection) – mario Nov 12 '12 at 01:06
  • But sometimes I got "supplied argument is not a valid MySQL result resource" – Ishikawa Nov 12 '12 at 01:06
  • Okay, and what was `$code` when you got that? please provide enough information to answer the question. – Hamish Nov 12 '12 at 01:07
  • @mario it's not a duplicate but maybe the future problem. – John Woo Nov 12 '12 at 01:07
  • check your variable isn't $code = "'oooqhqxrcglm3jn6xd2lseq43nb3cq'"; because that would make the query value look like this ''oooqhqxrcglm3jn6xd2lseq43nb3cq'' – Lucas Nov 12 '12 at 01:08
  • Put your query in a variable: $query="SELECT * FROM `OnlineRequests` WHERE `OSR_CODE`='".$code."'"; and then echo the query. Copy the query and run it in mysql directly and see if it works. – Commander Nov 12 '12 at 01:22

2 Answers2

0

When I do MySQL Queries I don't use OSR_CODE=".$random_variable." I use OSR_CODE='$random_variable' so just use quotes around it opposite of the containing quotes, see if that works. Just a suggestion, works for me.

Edit: Try $getDetails = mysql_query("SELECT * FROMOnlineRequestsWHEREOSR_CODE='.$code.'"); ??

NardCake
  • 130
  • 2
  • 9
  • 1
    Normally in situations like this it's something obvious, this kind of stuff happens to me all the time. Check the variable name, check everything that goes into the variable. Also try to turn some error reporting on. – NardCake Nov 12 '12 at 01:27
  • GASP! That was it, it was something that went into the variable, something really stupid. I feel like an idiot because I've been trying for hours... – Ishikawa Nov 12 '12 at 01:53
  • Ha! It's cool it happens to all of us! – NardCake Nov 12 '12 at 02:01
-1

To make A work, use

$getDetails = mysql_query("SELECT * FROM `OnlineRequests` WHERE `OSR_CODE`=\"$code\"");

The problem is the single quotes.

Works On Mine
  • 1,111
  • 1
  • 8
  • 20