开发者

Dynamic php vars in mysql, sql- vars get set, but result set is empty?

开发者 https://www.devze.com 2023-03-05 00:51 出处:网络
I have the following code created by someone else, and though it seems like the variables are passed, nothing is returning in the results set;

I have the following code created by someone else, and though it seems like the variables are passed, nothing is returning in the results set; The page: http://www.libraries.uc.edu/research/subject_resources/art/db/index.php... then do a search. Here is the code on the results page below (edited slightly for length). I have a feeling it's quotes and such, but have been overlooking something!

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
if (isset($_GET['stval'])) {
  $stval_Recordset1 = (get_magic_quotes_gpc()) ? $_Get['stval'] : addslashes($_Get['stval']);
}


if (isset($_GET['stval'])) {
  $stval_Recordset1 = $_GET['stval'];
}

if (isset($_GET['sq'])) {
  $sq_Recordset1 = $_GET['sq'];
}
mysql_select_db($database_daap_photo, $daap_photo);
$query_Recordset1 = sprintf("SELECT * FROM main WHERE %s = %s ", GetSQLValueString($stval_Recordset1, "text"),GetSQLValueString($sq_Recordset1, "text"));
 $Recordset1 = mysql_query($query_limit_Recordset1, $daap_photo) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

?>

then in the body:

<?php  print_r($_GET);
 if(isset($_GET["stval"])) echo "stval is set\n";
  if(isset($_GET["sq"])) echo "sq is set\n";

 ?>
<table width="100%" border="0" cellpadding="2" cellspacing="2">
  <tr bgcolor="#CCCCCC">
    <td colspan="4" bgcolor="#FFFFFF"><h1>Art</h1>
      <h2>Photography Images Slide Collection -Search Results </h2>      
      <p align="left" class="style1">Your search returned <strong></strong> records.<br />
        |<br />
      </p>
      <p align="left" class="style1">Your search returned no results. Please
        use your browsers back button to search again. </p>
      <p>&nbsp;First | Previous | Next | Last<br />
        <br />
      </p></td>
    <td bgcolor="#FFFFFF">&nbsp;</td>
  </tr>
  <tr bgcolor="#CCCCCC">
    <td bgcolor="#CCCCCC"><p><strong>Last Name </strong></p>
      </td>
    <td bgcolor="#CCCCCC"><strong>First Name </strong></td>
    <td bgcolor="#CCCCCC"><strong>Dates</strong></td>
    <td bgcolor="#FFFFFF">&nbsp;</td>
    <td bgcolor="#FFFFFF">&nbsp;</td>
    </tr>
  <tr bgcolor="#CCCCCC">
    <td bgcolor="#FFFFFF">&nbsp;</td>
    <开发者_如何学JAVAtd><strong>Nationality</strong></td>
    <td><strong>Subject</strong></td>
    <td><strong>Quantity</strong></td>
    <td><strong>Media</strong></td>
    </tr>
  <?php do { ?>
  <tr>
    <td class="bold"><?php echo $row_Recordset1['LAST_NAME']; ?></td>
    <td><?php echo $row_Recordset1['FIRST_NAME']; ?></td>
    <td><?php echo $row_Recordset1['DATES']; ?></td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    </tr>

etc....

Thanks!


Try to change query to

SELECT * FROM main WHERE %s = '%s'
0

精彩评论

暂无评论...
验证码 换一张
取 消