How does this even happen? Odd result from mysql_query

**Arenlor** · 11-18-2007, 09:12 AM

I don't know how but I'm getting a result when I shouldn't be. My code and screenshots of what's happening are below but basically I SELECT from a table where it matches an ID number, and I GET the number to select with (see below) so entering something like ark should and does do nothing, but entering 1ark shows it. I'm confused as to why/how this is happening. Also, tested with it and ark1 shows nothing also, so it's the leading 1 I think.

PHP Code:


			
<?php require_once("header.txt");
$cat = $_GET['cat'];
if($cat == ''){
    require_once("conn.php");
    $getcat = "select * from categories";
    $catget = mysql_query($getcat);
    $catnum = mysql_num_rows($catget);
    echo '<ol class="center">';
    for($i = 0; $i < $catnum; $i++){
        $cats = mysql_fetch_array($catget);
        echo "<li><a href=\"categories.php?cat=".$cats[0]."\">".$cats[1]."</a></li>";
    } echo '</ol>';
}
else{
    require_once("conn.php");
    mysql_real_escape_string($cat);
    echo $cat; //For Screenshots, so that you see what's entered.
    $getcat = "select topic_id,title from topics where cat_id = '$cat'";
    $catget = mysql_query($getcat);
    $catnum = mysql_num_rows($catget);
    echo '<ol class="center">';
    for($i = 0; $i < $catnum; $i++){
        $tops = mysql_fetch_array($catget);
        echo '<li><a href="topics.php?top='.$tops[0].'">'.$tops[1].'</a></li>';
    } echo '</ol>';
} ?>
<?php require_once("footer.txt"); ?>

The SQL of it:

Code:

-- phpMyAdmin SQL Dump
-- version 2.10.3deb1
-- http://www.phpmyadmin.net
-- 
-- Host: localhost
-- Generation Time: Nov 18, 2007 at 08:53 AM
-- Server version: 5.0.45
-- PHP Version: 5.2.3-1ubuntu6

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

-- 
-- Database: `****`
-- 

-- --------------------------------------------------------

-- 
-- Table structure for table `topics`
-- 

CREATE TABLE IF NOT EXISTS `topics` (
  `topic_id` int(11) unsigned NOT NULL auto_increment,
  `title` varchar(32) NOT NULL,
  `url` text NOT NULL,
  `cat_id` int(11) unsigned NOT NULL default '0',
  `descript` text NOT NULL,
  `avg` tinyint(2) unsigned NOT NULL default '0',
  `submitter` varchar(32) NOT NULL,
  PRIMARY KEY  (`topic_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

-- 
-- Dumping data for table `topics`
-- 

INSERT INTO `topics` (`topic_id`, `title`, `url`, `cat_id`, `descript`, `avg`, `submitter`) VALUES 
(1, 'Syrnia', 'http://www.syrnia.com', 1, 'A free MMORPG with multiple skills to choose from. There are many towns, many players, a chat for the players, a PM system, and a forum. You can create your own clan, each clan gets its own forum and message board. It''s a clone of RuneScape.', 8, 'Arenlor');

Finally, the screenshots:

**maxxximus** · 11-18-2007, 12:41 PM

In a SQL statement only strings should be within single quotes.

When you run the statement with a cat=1 in the URL the statement will read after interpolation:

"select topic_id,title from topics where cat_id = '1'" //incorrect

If you get rid of the single quotes around $cat then it will work correctly
$getcat = "select topic_id,title from topics where cat_id = $cat";

**Arenlor** · 11-18-2007, 04:45 PM

Thank you, it's a bad habit I have due to my teacher while I was learning doing it that way. I've already knocked out a bunch. The worse is that there is a line of now five of us who correctly type $num but say number(#) num. That's really disastrous when teaching people.