[ic] building OR statement in mysql for query tag not considering all options
Stefan Hornburg
racke at linuxia.de
Fri May 27 18:25:26 EDT 2005
On Fri, 27 May 2005 17:06:02 -0400
"Aaron" <interch at hazenet.net> wrote:
>
> On Friday, May 27, 2005 3:01 PM, I wrote :-)
> >
> >
> > On Friday, May 27, 2005 1:16 PM
> > Racke, racke at linuxia.de wrote:
> > >
> > >
> > > On Fri, 27 May 2005 12:29:36 -0400
> > > "Aaron" <interch at hazenet.net> wrote:
> > >
> > [snip]
> > > > Returning this variable to the screen would for example give you the
> > > > following query (line breaks added to make it easier to read):
> > > > SELECT * FROM services
> > > > WHERE adv_user = 'Acme Services'
> > > > AND brand = 'General Brands'
> > > > AND contract = 'Acme'
> > > > AND date BETWEEN '20050101' AND '20050527'
> > > > AND completed = '1'
> > > > AND ( type = 'Buff-Floor'
> > > > OR type = 'Facade-Pressure-Wash'
> > > > OR type = 'HVAC-Maint.'
> > > > OR type = 'Lighting-Maint.'
> > > > OR type = 'Refrigeration-Maint.'
> > > > OR type = 'Strip-Floor' )
> > > > ORDER BY date, store
> > > >
>
> This query LOOKS perfect, but it contained NULL characters, so a simple
> removal took care of that and that allows it to work. I still don't
> understand how that stopped it from carrying on as it did go through the
> rest of the query and do the ordering for example, but that was the
> solution.
I assume that you were using the $CGI variable for type(s) coming
from the select box. This contains \0. You can use $CGI_array instead,
e.g.
    $types = join(' OR ', map {"type = '$_'"} @{$CGI_array->{type}});
This is not perfectly safe, as a user can pass single quotes and
crash the query.
Bye
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
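
Added example (not part of the original message and not Interchange code): one way to turn the multi-select values into a clause that survives single quotes, by emitting placeholders and a separate bind list. The helper name type_clause and the assumption that the statement is executed through DBI's prepare/execute are illustrative; the sample input is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build "type IN (?, ?, ...)" plus a bind list from a multi-select value.
# Accepts an array ref (the shape of $CGI_array->{type}) or a single
# NUL-joined string (the shape of $CGI->{type} for multiple selections).
# type_clause is a hypothetical helper name.
sub type_clause {
    my ($raw) = @_;
    my @values = ref $raw eq 'ARRAY' ? @$raw : split /\0/, ($raw // '');

    # Drop undefined/empty entries and duplicates, keeping first-seen order.
    my %seen;
    @values = grep { defined($_) && length($_) && !$seen{$_}++ } @values;

    # No selection: return a clause that matches nothing rather than
    # emitting "IN ()" (a syntax error) or silently dropping the filter.
    return ('1 = 0') unless @values;

    my $marks = join ', ', ('?') x @values;
    return ("type IN ($marks)", @values);
}

# Constructed sample input: two normal selections and one value
# containing single quotes, joined with NUL as in the thread.
my $submitted = join "\0", 'Buff-Floor', 'Strip-Floor', "x' OR '1'='1";

my ($clause, @bind) = type_clause($submitted);
my $sql = "SELECT * FROM services WHERE completed = ? AND $clause "
        . "ORDER BY date, store";
unshift @bind, 1;    # value for the "completed = ?" placeholder

print "$sql\n";
print "bind: [$_]\n" for @bind;

# Assumption: with a DBI handle in $dbh this would be executed as
#   my $sth = $dbh->prepare($sql);
#   $sth->execute(@bind);
# The quoted third value is sent as data and never becomes SQL text.
```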