Quote:
Originally Posted by perplexed
I'm still having a mountain of baffling problems getting basic and simple scripts and queries to work with my new host here on WHUK.
These scripts have worker perfectly (and also instantly upon creation) with my previous hosts servers for the best part of a decade. WHUK are using the same MySql version as the scripts were coded.
Please can someone tell me, if it is me at fault, what is wrong with the following query. I wish to select all COLUMNS not all RECORDS in the database - which is exactly what it spews out.
Surely i don't have to replace the '*' with the name of every single column?. I'm using the same version and '*' is a perfectly valid shorthand to use.
PHP Code:
$sql=stripslashes ("SELECT * FROM table_name WHERE '$a' LIKE '%$b%' ORDER BY '$c'");
|
As others have said, it is most likely a register globals issue.
Add the following line to your code
echo $sql;
and see if the query actually contains what you think it contains.
All modern installations will have register globals disabled. This is a Good Thing but may need some tweaking of legacy code.
The code looks like it could be potentially very insecure. Assuming the variables are coming from a POSTed form you should have
PHP Code:
$a=mysql_real_escape_string($_POST['a']);
$b=mysql_real_escape_string($_POST['b']);
$c=mysql_real_escape_string($_POST['c']);
$sql="SELECT * FROM table_name WHERE '$a' LIKE '%$b%' ORDER BY '$c'";
You may not need the stripslashes.