10

I am having a problem with this simple sql query:

<?php 
require_once('../../Connections/tohoshows.php'); 

$show ='gothaf';

mysql_select_db($database_tohoshows, $tohoshows);
$query_getShows = "SELECT * FROM toho_shows WHERE toho_shows.show =' ". $show. " '";
$getShows = mysql_query($query_getShows, $tohoshows) or die(mysql_error());
$row_getShows = mysql_fetch_assoc($getShows);
$totalRows_getShows = mysql_num_rows($getShows);

mysql_free_result($getShows);
?>

When I use the string directly in the WHERE clause like this

 $query_getShows = "SELECT * FROM toho_shows WHERE toho_shows.show ='gothaf'";

I get a result. When I use the variable instead, I get no data! I am a novice and I can't figure out what am I doing wrong. Any help would be appreciated. Thank you!

Manuel Rauber
  • 1,583
  • 1
  • 17
  • 39
gothaf
  • 105
  • 1
  • 1
  • 6
  • 2
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. – Kermit Mar 28 '13 at 14:39

1 Answers1

20

you getting no date because you have extra space betwee the quotes,

$query_getShows = "SELECT * FROM toho_shows WHERE toho_shows.show =' ". $show. " '";
                                                                    ^ HERE      ^

which will then be parsed into

SELECT * FROM toho_shows WHERE toho_shows.show =' gothaf '

remove it and it will work

$query_getShows = "SELECT * FROM toho_shows WHERE toho_shows.show ='". $show. "'";

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

Community
  • 1
  • 1
John Woo
  • 258,903
  • 69
  • 498
  • 492
  • Thank you for your answer! I have also tried with no spaces in between, but I still get no data. – gothaf Mar 28 '13 at 14:33
  • post the result of this `echo $query_getShows;` – John Woo Mar 28 '13 at 14:34
  • You shouldn't even consider using this approach anyway, @Akis, it's really easy to use prepared statements and yet it is system critical. – Jonast92 Mar 28 '13 at 14:35
  • This what I get from the echo $query_getShows; `SELECT * FROM toho_shows WHERE toho_shows.show ='gothaf'` though I still get no data when I test the SQL statement in Dreamweaver. – gothaf Mar 28 '13 at 14:44
  • Is there anything in that table that matches that? – Jonast92 Mar 28 '13 at 14:50
  • 1
    OK guys! This thing actually works, I don't know why dreamweaver doesn't return any data on the sql statement test! Thanks everybody! @Jonast92 I will consider the prepared statements as you said! Thanks! – gothaf Mar 28 '13 at 15:00
  • Thank you so much, – digitalsuite.net Jan 31 '18 at 06:00