This works.

function get_distinct_size_for_bracelets() {
    $sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='plastic' ORDER BY size";
}

This does not work and stops PHP dead with no error reporting.

function get_distinct_size_for_bracelets($myvalue) {
    $sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type=".$myvalue." ORDER BY size";
}

I have tried a number of configurations and nothing is working.

+2  A: 
function get_distinct_size_for_bracelets($myvalue) {
    $sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
}

You still need the single quotes in the SQL query.

sixfoottallrabbit
Thanks. That was it. I have single quotes elsewhere in my database calls using arrays. So I don't know why this call would require a different syntax.
Jeff
I think perhaps you've misunderstood the edit. If $myvalue was equal to "foo", using your original script, the SQL would have become "type=foo" and in SQL this means "type attribute is equal to foo attribute". With my edit, the SQL becomes "type='foo'" which means "type attribute equals the string 'foo'".
sixfoottallrabbit
+1  A: 

Remember to quote the passed value:

function get_distinct_size_for_bracelets($myvalue) 
{ 
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type=".$myvalue." ORDER BY size";
}

Should be:

function get_distinct_size_for_bracelets($myvalue) 
{ 
$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
}

Note the added single quotes at type.

marramgrass
+1  A: 

You need single quotes around it still. So

$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
Magic Hat
A: 

Try:

function get_distinct_size_for_bracelets($myvalue) {
    $sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";
}
Justin Giboney
+2  A: 

You're not escaping your value and you're forgetting your single quotes, that'd be my guess. Try:

function get_distinct_size_for_bracelets($myvalue) { 
    $query = sprintf("SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='%s'  ORDER BY size",
        mysql_real_escape_string($myvalue));
}

That lets you pass an escaped value into the string, as opposed to using concatenation.

Parrots
A: 

MySQL has different data types too. And strings need to be enclosed in quotes too:

$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".$myvalue."' ORDER BY size";

Or better with additional use of the mysql_real_escape_string function:

$sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='".mysql_real_escape_string($myvalue)."' ORDER BY size";
Gumbo
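
The following is an added example, not code from any of the posts above. It runs the question's unquoted form, the answers' hand-quoted form, and a bound-parameter form side by side, with exceptions enabled so the SQL error the asker could not see is reported. It assumes PHP with the PDO SQLite driver and uses a constructed in-memory table in place of the MySQL `mytable`; the `sizes_*` and `attempt` names are hypothetical. The `mysql_*` functions used in the answers were removed in PHP 7, so the bound form is the one that still applies.

```php
<?php
// Constructed sample data standing in for the page's `mytable`.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE mytable (id INTEGER, type TEXT, size TEXT)");
$pdo->exec("INSERT INTO mytable VALUES
    (27, 'plastic', 'L'), (27, 'plastic', 'M'), (27, 'plastic', 'M'),
    (27, 'children''s', 'S'), (27, 'metal', 'XL')");

// The question's failing form: the value is spliced in with no quotes,
// so the database reads it as a column name, not a string.
function sizes_unquoted(PDO $pdo, string $myvalue): array {
    $sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type=" . $myvalue . " ORDER BY size";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The answers' form: quotes added by hand. Works until the value itself
// contains a quote, because the value is still part of the SQL text.
function sizes_quoted(PDO $pdo, string $myvalue): array {
    $sql = "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type='" . $myvalue . "' ORDER BY size";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the SQL text is fixed and the value travels separately,
// so no quoting or escaping is done by hand.
function sizes_bound(PDO $pdo, string $myvalue): array {
    $stmt = $pdo->prepare(
        "SELECT DISTINCT size FROM mytable WHERE id = 27 AND type = :type ORDER BY size"
    );
    $stmt->execute([':type' => $myvalue]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run one variant and report either its rows or the database error.
function attempt(callable $fn, PDO $pdo, string $value): string {
    try {
        return 'rows: ' . implode(',', $fn($pdo, $value));
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// "children's" is an ordinary value that happens to contain an apostrophe.
foreach (['plastic', "children's"] as $value) {
    foreach (['sizes_unquoted', 'sizes_quoted', 'sizes_bound'] as $fn) {
        printf("%-15s %-12s => %s\n", $fn, $value, attempt($fn, $pdo, $value));
    }
}
```

Only `sizes_bound` returns rows for both values; the unquoted form fails for both, and the hand-quoted form fails as soon as the value contains an apostrophe.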