PHP Forum

**dgkindy** · 04-15-2010, 08:14 AM

I have the following string that I am tryingt execute, however I get an error that prevents the code from running correctly.

PHP Code:


			
$str_row=$str_row.'<td><a href="display_md4c8.php?project='.$row['project'].'&status=Plan.order">'.$row1['planned'].'</a></td>';

Quote:

SELECT * FROM tbl_md4c WHERE project=3418499 AND status=Plan.order ORDER BY project ASC DB Error, could not query the databaseMySQL Error: Unknown column 'Plan.order' in 'where clause'

If I run the query directly in the db, this is the error that I get

Quote:

#1054 - Unknown column 'Plan.order' in 'where clause'

If I put quotes around the Plan.order, then it works

Quote:

SELECT *
FROM tbl_md4c WHERE project =3418499 AND STATUS = "Plan.order" ORDER BY project ASC

If I have phpMyAdmin create the php code for the query, it generates

Quote:

$sql = "SELECT * FROM tbl_md4c WHERE project=3418499 AND status=\"Plan.order\" ORDER BY project ASC";

where it is inserting \" around the Plan.order

However if I try to add the \" into my original string like so

Quote:

$str_row=$str_row.'<td><a href="display_md4c8.php?project='.$row['project'].'&status=\"Plan.order\"">'.$row1['planned'].'</a></td>';

this is the resulting error message.

Quote:

SELECT * FROM tbl_md4c WHERE project=3418499 AND status=\\ ORDER BY project ASC DB Error, could not query the databaseMySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\ ORDER BY project ASC' at line 1

**JeremyMiller** · 04-15-2010, 07:54 PM

First, you should not be putting SQL directly from a URL. This is a great opportunity for what is known as SQL injection and can threaten your database.

Second, you should go to where the query is in your code and add the quotes.

**dgkindy** · 04-15-2010, 09:20 PM

I am not inserting sql statement into a URL. I am trying to pass two values to a second page. Project number and Status.

Plan.order is data that exists in a table under the column status. It could be the (.) that is causing the problem.

This is the resulting SQL statement that in created on the second sheet however, it is getting stuck on the Plan.order or so it seems.

SELECT * FROM tbl_md4c WHERE project=3418499 AND status=Plan\\.order ORDER BY project ASC DB Error, could not query the database MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\.order ORDER BY project ASC' at line 1

I tried to insert single quote as you suggested but no luck. My string and resulting error below.

if (strlen(strstr($_SESSION['interface'],"H"))>0) $str_row=$str_row.'<td><a href="display_md4c8.php?project='.$row['project'].'&status='Plan.order'">'.$row1['planned'].'</a></td>';

Parse error: parse error in C:\Program Files\EasyPHP 3.0\www\My Websites\Fat Cat\display_project_list3.php on line 98

**dgkindy** · 04-15-2010, 10:03 PM

Okay, I got it, the problem was on the other end. When I passed the variable Plan.order, I needed to add quotes to the sql on the new form.

**chrishirst** · 04-19-2010, 07:05 PM

Yep
ORDER is a reserved word in SQL