PHP+MySQL query with empty value

Report · Apr 09, 2006

Hi!

Software is DW8 with Apache 2.0.48, MySQL ver. 4.0.15a, PHP 4.2.3.

We had problem when a submitted value for 'regionID' in the submit page
was left blank and the following error message appears in the result page:

"You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for the right syntax to use near 'LIMIT 0,
3' at line 1"

The problem was solved by adding at the top of the page:

<?php
if (isset($_POST['regionID']) && empty($_POST['regionID'])) {
$_POST['regionID'] = '0';
}
?>

How to change the above code to retrieve ALL records when an empty \
blank value is submitted for 'regionID'?

TIA

Nanu

Report · Apr 13, 2006

<?php
if (isset($_POST['regionID']) && empty($_POST['regionID'])) {
$_POST['regionID'] = '%';
}
?>

Report · Apr 13, 2006

Salines wrote:
> <?php
> if (isset($_POST) && empty($_POST)) {
> $_POST = '%';
> }
> ?>

You also need to change the SQL from = to LIKE.

--
David Powers
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "Foundation PHP 5 for Flash" (friends of ED)
http://foundationphp.com/

Report · Apr 13, 2006

Thanks!

Can I replace the $_POST with $_GET? Will it work the same?

TIA

Nanu

David Powers wrote:
> Salines wrote:
>
>> <?php
>> if (isset($_POST) && empty($_POST)) {
>> $_POST = '%';
>> }
>> ?>
>
>
> You also need to change the SQL from = to LIKE.
>

Report · Apr 14, 2006

Nanu Kalmanovitz wrote:
> Can I replace the $_POST with $_GET? Will it work the same?

Have you tried it? If you had, you would know that the answer is yes.

--
David Powers
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "Foundation PHP 5 for Flash" (friends of ED)
http://foundationphp.com/

Report · Apr 15, 2006

I changed it to the following:

<?php
if (isset($_GET['Kvish_F01']) && empty($_GET['Kvish_F01'])) {
$_GET['Kvish_F01'] LIKE '%';
}
?>

but when "preview" it in browser, it display the following error message:

Parse error: parse error, unexpected T_STRING in
Applic:/HTDocs/k_comm/.../Tiulim/TiulimApp05b.php on line 5

TIA

Nanu

David Powers wrote:
> Salines wrote:
>
>> <?php
>> if (isset($_POST) && empty($_POST)) {
>> $_POST = '%';
>> }
>> ?>
>
>
> You also need to change the SQL from = to LIKE.
>

Report · Apr 15, 2006

Nanu Kalmanovitz wrote:
> I changed it to the following:
>
> <?php
> if (isset($_GET['Kvish_F01']) && empty($_GET['Kvish_F01'])) {
> $_GET['Kvish_F01'] LIKE '%';
> }
> ?>

Read my original again:

>> You also need to change the SQL from = to LIKE.

You change the = to LIKE in the SQL query, not in the conditional statement.

SELECT * FROM myTable
WHERE Kvish_F01 LIKE 'param'

--
David Powers
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "Foundation PHP 5 for Flash" (friends of ED)
http://foundationphp.com/

Report · Apr 16, 2006

Something I picked up at a PHP/MySQL seminar... $_REQUEST works in place of either $_GET or $_POST. It basically means use either get or post. But it is less precise because it can pick up either variable and has to think about the request...

Remember, $_GET is for variables in the url string (limited to 256 characters), $_POST is for form variables (longer data). Request will automatically choose the right type.

Report · Apr 17, 2006

bbgirl wrote:
> Something I picked up at a PHP/MySQL seminar... $_REQUEST works in place of
> either $_GET or $_POST. It basically means use either get or post. But it is
> less precise because it can pick up either variable and has to think about the
> request...

I'm afraid you've picked up rather poor information. $_REQUEST relies on
register_globals being turned on. Since register_globals is considered a
major security risk, the default setting has been off since April 2002.

Many hosting companies have turned register_globals on, in spite of the
security problems, because so many poorly written scripts rely on it.
The PHP development team has decided to resolve this security issue once
and for all by removing register_globals from PHP 6.

Forget $_REQUEST. Use $_POST and $_GET always. It's safer, and it's
futureproof.

--
David Powers
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "Foundation PHP 5 for Flash" (friends of ED)
http://foundationphp.com/

Report · Apr 18, 2006

.oO(David Powers)

>bbgirl wrote:
>> Something I picked up at a PHP/MySQL seminar... $_REQUEST works in place of
>> either $_GET or $_POST. It basically means use either get or post. But it is
>> less precise because it can pick up either variable and has to think about the
>> request...
>
>I'm afraid you've picked up rather poor information. $_REQUEST relies on
>register_globals being turned on. Since register_globals is considered a
>major security risk, the default setting has been off since April 2002.

$_REQUEST simply contains the content of $_GET, $_POST and $_COOKIE,
regardless of the register_globals setting.

>Forget $_REQUEST. Use $_POST and $_GET always. It's safer, and it's
>futureproof.

Agreed.

Micha

Report · Apr 18, 2006

Michael Fesser wrote:
> $_REQUEST simply contains the content of $_GET, $_POST and $_COOKIE,
> regardless of the register_globals setting.

Thanks for pointing that out. I was basing my information on
"Programming PHP" by Rasmus Lerdorf and Kevin Tatroe (O'Reilly). They
say on page 160: "The $_REQUEST array is also created by PHP if the
register_globals option is on."

Since Rasmus is the creator and one of the lead developers of PHP, you
would think they would get something like that right in the book. I
wonder $_REQUEST has changed or if it's just a mistake.

Still, $_REQUEST is a bad choice. It's far safer to be specific with
$_POST and $_GET.

--
David Powers
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "Foundation PHP 5 for Flash" (friends of ED)
http://foundationphp.com/