php searching function

hello please me out regarding this function . Its searching script. when i am passing integer to it it work and when i pass like 12eh it doesnt work . although i have kept varchar as a datatype so it can work for both

function view($pno)
{
$this->query=("select * from user where pno=$pno");
$rd = $this->executeQuery();
@$data = $rd->fetch_asso开发者_Go百科c();
return $data; 
}

---

You need to quote your variable in the SQL query:

$this->query=("select * from user where pno = '$pno'");

Also you would probably do well to do:

$pno = mysql_escape_string($pno);

Before sticking the variable in your SQL statement. The man page explains more.

---

$this->query=("select * from user where pno='$pno'");

missing quotes around $pno

---

mysql_escape_string() is deprecated in PHP 5.3. Use instead mysql_real_escape_string()

Code will be something like this:

$this->query = "SELECT * FROM user WHERE pno = '" . mysql_real_escape_string($pno) . "'";