OT: Help with MySQL/PHP line (SQL syntax)

Report · Oct 11, 2006

I have this now -

$colname_rsPassword = $_POST['password'];

$query_rsPassword = sprintf("SELECT contactFName, contactLName,
contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
contactPassword = %s", GetSQLValueString($colname_rsPassword, "text"));

How would I change that to include $_POST['LName'] and $_POST['FName'] (as
posted from the form) in the WHERE clause?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================

Report · Oct 11, 2006

On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:

> $query_rsPassword = sprintf("SELECT contactFName, contactLName,
> contactPassword, contactEmail, contactRecord FROM tblcontactdata
> WHERE contactPassword = %s", GetSQLValueString($colname_rsPassword,
> "text"));
>
> How would I change that to include $_POST['LName'] and
> $_POST['FName'] (as posted from the form) in the WHERE clause?

$query_rsPassword = sprintf("SELECT contactFName, contactLName,
contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
contactPassword = %s AND firstName = %s AND lastName = %s",
GetSQLValueString($colname_rsPassword, "text"), $_POST['LName'], $_POST
['FName']);

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

Report · Oct 11, 2006

Shazam! That's what I was not understanding! Thanks, Joe.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================

"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns985969E606090makowiecatnycapdotrE@216.104.212.96...
> On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:
>
>> $query_rsPassword = sprintf("SELECT contactFName, contactLName,
>> contactPassword, contactEmail, contactRecord FROM tblcontactdata
>> WHERE contactPassword = %s", GetSQLValueString($colname_rsPassword,
>> "text"));
>>
>> How would I change that to include $_POST['LName'] and
>> $_POST['FName'] (as posted from the form) in the WHERE clause?
>
> $query_rsPassword = sprintf("SELECT contactFName, contactLName,
> contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
> contactPassword = %s AND firstName = %s AND lastName = %s",
> GetSQLValueString($colname_rsPassword, "text"), $_POST['LName'], $_POST
> ['FName']);
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/email.php

Report · Oct 11, 2006

On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:

> Shazam! That's what I was not understanding! Thanks, Joe.

No prob. You'd probably want to surround the posted values with wildcard
characters, and/or do something about case, before you send the values to
the database.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

Report · Oct 11, 2006

Hmm - it didn't work.

$query_rsPassword = sprintf("SELECT contactFName, contactLName,
contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
contactPassword = %s AND contactFName = %s AND contactLName = %s",
GetSQLValueString($colname_rsPassword, "text"), $_POST['fname'],
$_POST['lname']);

Tells me -

Unknown column 'Murray' in 'where clause'

Casing I can take care of later...

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================

"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns98596B911B5D7makowiecatnycapdotrE@216.104.212.96...
> On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:
>
>> Shazam! That's what I was not understanding! Thanks, Joe.
>
> No prob. You'd probably want to surround the posted values with wildcard
> characters, and/or do something about case, before you send the values to
> the database.
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/email.php

Report · Oct 11, 2006

On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:

> $query_rsPassword = sprintf("SELECT contactFName, contactLName,
> contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
> contactPassword = %s AND contactFName = %s AND contactLName = %s",
> GetSQLValueString($colname_rsPassword, "text"), $_POST['fname'],
> $_POST['lname']);
>
> Tells me -
>
> Unknown column 'Murray' in 'where clause'

What does <?php echo $query_rsPassword ?> look like?

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

Report · Oct 11, 2006

Good idea. It's missing the quotes on the two latter variables -

SELECT contactFName, contactLName, contactPassword, contactEmail,
contactRecord FROM tblcontactdata WHERE contactPassword = 'uwUYreTTM' AND
contactFName = Murray AND contactLName = Summers

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================

"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns98596FD3D17A4makowiecatnycapdotrE@216.104.212.96...
> On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:
>
>> $query_rsPassword = sprintf("SELECT contactFName, contactLName,
>> contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
>> contactPassword = %s AND contactFName = %s AND contactLName = %s",
>> GetSQLValueString($colname_rsPassword, "text"), $_POST['fname'],
>> $_POST['lname']);
>>
>> Tells me -
>>
>> Unknown column 'Murray' in 'where clause'
>
> What does <?php echo $query_rsPassword ?> look like?
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/email.php

Report · Oct 11, 2006

On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:

> SELECT contactFName, contactLName, contactPassword, contactEmail,
> contactRecord FROM tblcontactdata WHERE contactPassword =
> 'uwUYreTTM' AND contactFName = Murray AND contactLName = Summers

That might be the problem. Try adding the quotes to the string:

$query_rsPassword = sprintf("SELECT contactFName, contactLName,
contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
contactPassword = %s AND contactFName = '%s' AND contactLName = '%s'",
GetSQLValueString($colname_rsPassword, "text"), $_POST['fname'],
$_POST['lname']);

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php

Report · Oct 11, 2006

I did it another way -

GetSQLValueString($colname_rsPassword, "text"), $_POST['fname'],
$_POST['lname']);

goes to this -

GetSQLValueString($colname_rsPassword, "text"), "'".$_POST['fname']."'",
"'".$_POST['lname']."'");

Woiks!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================

"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns98598AD9E385DmakowiecatnycapdotrE@216.104.212.96...
> On 11 Oct 2006 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:
>
>> SELECT contactFName, contactLName, contactPassword, contactEmail,
>> contactRecord FROM tblcontactdata WHERE contactPassword =
>> 'uwUYreTTM' AND contactFName = Murray AND contactLName = Summers
>
> That might be the problem. Try adding the quotes to the string:
>
> $query_rsPassword = sprintf("SELECT contactFName, contactLName,
> contactPassword, contactEmail, contactRecord FROM tblcontactdata WHERE
> contactPassword = %s AND contactFName = '%s' AND contactLName = '%s'",
> GetSQLValueString($colname_rsPassword, "text"), $_POST['fname'],
> $_POST['lname']);
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/email.php