0

I am trying to get my php script to output the name of a row in my mysql database. I know the issue is with the long >= '$Slong'. The long value in the datase is a float. The Slong value is set to 1.11 and there is a row that has the long value at 1.21.

I believe this is where the problem lies:

$Slong = $long - 0.01;
$result = mysql_query("SELECT name FROM locations WHERE age < '$age' AND aTime = 'Morning' AND long >= '$Slong'");
Max
  • 318
  • 1
  • 3
  • 11

2 Answers2

1

Long is reserved keyword, so use backticks around:

$Slong = $long - 0.01;
$result = mysql_query("SELECT name FROM locations WHERE age < '$age' AND aTime = 'Morning' AND `long` >= '$Slong'");
mitkosoft
  • 5,262
  • 1
  • 13
  • 31
0

long is keyword in sql. You should use back tick character(`).

For back tick, refer https://superuser.com/questions/254076/how-do-i-type-the-tick-and-backtick-characters-on-windows

Also instead of using direct substitution values, you could use below methods to avoid sql injection.

You basically have two options to achieve this:

Using PDO (for any supported database driver):

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');

$stmt->execute(array('name' => $name));

foreach ($stmt as $row) {
    // do something with $row
}

Using MySQLi (for MySQL):

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}

Please refer How can I prevent SQL-injection in PHP?

Community
  • 1
  • 1
Tamil
  • 1,193
  • 9
  • 24