Php and an access database

Syntax error (missing operator) in query expression


3 Replies - 1966 Views - Last Post: 21 January 2010 - 02:35 AM

#1 JTonline

Posted 18 December 2009 - 08:34 AM

Hi,

I am trying to make a PHP page search an Access database. However, I am getting the following error.

Quote

Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'Barcode=\'1111115253\''., SQL state 37000 in SQLExecDirect in F:\wwwroot\ibar\searchDataBase.php on line 44

Warning: odbc_fetch_row(): supplied argument is not a valid ODBC result resource in F:\wwwroot\ibar\searchDataBase.php on line 45


The lines of code in question are (starting at line 43)
		$sql="SELECT * FROM products WHERE Barcode=\'".$_GET['input']."\'";
		$rs=odbc_exec($conn,$sql);
		while (odbc_fetch_row($rs)){
			$compname=odbc_result($rs,"Barcode");
			$conname=odbc_result($rs,"Product");
			echo "$compname - ";
			echo "$conname";
		}
		odbc_close($conn);

I am presuming from the error there is an issue with my syntax, but I cannot seem to find any issue with it at all. Should you require more information, please let me know!

Thanks for your help,
Joe


Replies To: Php and an access database

#2 BenignDesign

Posted 06 January 2010 - 02:20 PM

I didn't think you could use a $_GET directly in a query....

Have you tried:
$input=$_GET['input'];
$sql="SELECT * FROM products WHERE Barcode=\'".$input."\'";


This post has been edited by BenignDesign: 06 January 2010 - 02:22 PM


#3 AdaHacker

Posted 06 January 2010 - 06:27 PM

BenignDesign, on 6 Jan, 2010 - 03:20 PM, said:

I didn't think you could use a $_GET directly in a query....
Of course you can. It's just another variable, after all.

The problem is the backslashes in the SQL string. Since the query is enclosed in double-quotes, there is no need to escape the single-quotes. In this code, they end up getting passed through to the DBMS, which results in invalid SQL. It should be more like this:
$sql="SELECT * FROM products WHERE Barcode='".$_GET['input']."'";


Edit: <Insert requisite "always sanitize input before passing it into your SQL" lecture here.>

This post has been edited by AdaHacker: 06 January 2010 - 06:31 PM

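The corrected query from post #3 written with a bound parameter, as an added example that is not part of the original thread. The DSN name `ibar` and the 8 to 14 digit barcode format are assumptions; the thread shows only one sample value.

```php
<?php
// Added example, not code from the thread. Assumptions: the DSN "ibar"
// is hypothetical, and barcodes are taken to be 8-14 digits.

// Return the barcode if it matches the assumed format, otherwise null.
// is_string() also rejects ?input[]=... which arrives as an array.
function valid_barcode($raw)
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{8,14}\z/', $raw)) {
        return null;
    }
    return $raw;
}

// Look up products with a bound parameter instead of concatenating the
// value into the SQL text, so the driver never parses it as SQL.
function find_products($conn, $barcode)
{
    $stmt = odbc_prepare($conn, 'SELECT Barcode, Product FROM products WHERE Barcode = ?');
    if ($stmt === false || !odbc_execute($stmt, array($barcode))) {
        // Keep driver detail in the server log, not in the page output.
        error_log('ODBC query failed: ' . odbc_errormsg($conn));
        return array();
    }
    $rows = array();
    while (odbc_fetch_row($stmt)) {
        $rows[] = array(
            'barcode' => odbc_result($stmt, 'Barcode'),
            'product' => odbc_result($stmt, 'Product'),
        );
    }
    return $rows;
}

$barcode = valid_barcode(isset($_GET['input']) ? $_GET['input'] : null);
if ($barcode === null) {
    http_response_code(400);
    exit('Invalid barcode');
}
$conn = odbc_connect('ibar', '', '');   // hypothetical DSN, no credentials
if ($conn === false) {
    http_response_code(500);
    exit('Database unavailable');
}
foreach (find_products($conn, $barcode) as $row) {
    // Encode on output so stored values cannot inject markup.
    echo htmlspecialchars($row['barcode'], ENT_QUOTES, 'UTF-8'), ' - ',
         htmlspecialchars($row['product'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
odbc_close($conn);
```

The digit-only check matters even with binding: the PHP manual describes `odbc_execute()` as reading a parameter that starts and ends with single quotes as a file name.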

#4 JTonline

Posted 21 January 2010 - 02:35 AM

That's fixed it, thanks for your help!
I'm not sure why I thought the double quotes needed escaping, and yes, I am sanitising the input; it's just that it was a quick version I built and I hadn't added it in yet.