[Wolves] PHP Sql select losing a row

David Goodwin david at codepoets.co.uk
Tue Jul 9 11:01:18 UTC 2013


On 9 Jul 2013, at 11:46, Wayne Morris <waynelists at machx.co.uk> wrote:

> Hi,
> 
> I have the following select which loses one row from the database - ie it produces 4 rows instead of the correct 5.
> And ideas what I am doing wrong?

Yes.

> 
> $queryz = "SELECT *
> FROM property
> WHERE postcode like '%$postcodevoid%' and let = '1'
> 
> ";
> 

1. Using silly variable names. 
2. Probably writing code that's vulnerable to SQL injection. Please make sure you run $postcodevoid = mysql_real_escape_string($postcodevoid) or the equivalent.


>    $resultz = mysql_query($queryz);
>    $num_rows = mysql_num_rows($resultz);
> $rowz = mysql_fetch_array($resultz);
> 
> for($i=1; $i <= $num_rows; $i++)
> 

3. Wrapping the while loop in a for loop …. and starting that loop count at 1, instead of 0.

> 
> while($rowz = mysql_fetch_array($resultz)) {
> 
> print("<TABLE border=\"1\" cellspacing\"0\" cellpadding=\"0\" width=100% style=\"font-size: 10pt\">\n");
> print("<TD width=10% wrap style=\"wrap: 1 solid #800000\">".$rowz["address1"]." </td>    ". " ");
> print("<TD width=5% wrap style=\"wrap: 1 solid #800000\">".$rowz["address2"]." </td>");
> print("<TD width=5% wrap style=\"wrap: 1 solid #800000\">".$rowz["postcode"]." </td>");
> }


You probably just want :
//...
mysql_connect(….);
mysql_select_db(….);
// ….
$postcode = mysql_real_escape_string($_GET['postcode']); /* I presume */
$query = "SELECT * FROM property WHERE postcode like '%$postcode%' AND let = '1'";

$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
	echo "…….blah bah blah {$row['address1']} blah blah blah {$row['address2']} …. \n";
}


David.





More information about the Wolves mailing list