Why won't this SELECT statement work?

Discussion in 'PHP' started by Darden12, Jul 13, 2009.

  1. #1
    I am trying to use a WHERE clause in a SELECT statement to search for text that happens to be in the form of an include. I am searching for the actual text that is <?php include 'iv_inline.php' ?>. How do I do this? The text I'm looking for has special characters (< and >) so I can't get the SELECT statement to work.l


    $find="<?php include 'iv_inline.php' ?>";
    
    $result=mysql_query("SELECT * FROM Articles WHERE Article LIKE '%$find%'") or die(mysql_error());
    PHP:
     
    Darden12, Jul 13, 2009 IP
  2. arunn

    arunn Active Member

    Messages:
    347
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    60
    #2
    try using `%$find%` instead of '%$find%'
     
    arunn, Jul 13, 2009 IP
  3. wd_2k6

    wd_2k6 Peon

    Messages:
    1,740
    Likes Received:
    54
    Best Answers:
    0
    Trophy Points:
    0
    #3
    You need to escape your single quotes so it should be:
    
    $find="<?php include \'iv_inline.php\' ?>";
    $result=mysql_query("SELECT * FROM Articles WHERE Article LIKE '%$find%'") or die(mysql_error());
    
    PHP:
    It shouldn't have nothing to do with the < characters. If this doesn't work please post up the error reported.
     
    wd_2k6, Jul 13, 2009 IP
  4. Goramba

    Goramba Peon

    Messages:
    128
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #4
    His problem is much earlier than that, plus the back tick marks are for literal finds so unless it has % in the string it won't help.

    Normally wd_2k6 would be right and escaping would work, but in this case it still tries to parse <?php. I just tested it out and here's your fix:


    $find='&lt;?php include \'iv_inline.php\' ?&gt;';
     
    Goramba, Jul 13, 2009 IP
  5. austin-G

    austin-G Peon

    Messages:
    435
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Why would you want to do that? You're searching for <, not the HTML entity.
     
    austin-G, Jul 13, 2009 IP
  6. Darden12

    Darden12 Well-Known Member

    Messages:
    107
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    101
    #6
    Thanks for the suggestions. So far nothing's working on this end, though. In answer to your question, S.W., the line you suggested do not parse in my TextWrangler program -- and when I upload it, it just prints out most of the text of the script.
     
    Darden12, Jul 13, 2009 IP
  7. wd_2k6

    wd_2k6 Peon

    Messages:
    1,740
    Likes Received:
    54
    Best Answers:
    0
    Trophy Points:
    0
    #7
    I personally tested:

    $find="<?php include \'iv_inline.php\' ?>";
    $result=mysql_query("SELECT * FROM Articles WHERE Article LIKE '%$find%'") or die(mysql_error());

    and it returned a row successfully which contained the text <?php include 'iv_inline.php' ?> inside it's Article column. Obviously without the backslashes, it becomes an invalid MYSQL query.

    For some reason Goramba I didn't need to change the <?php part, just had to escape the single quotes.

    Anyway Darden, did you try my suggestion, and please post up the output (exact) or the error reported, whether its a mysql error or php error, so we can see where it is going wrong.
     
    wd_2k6, Jul 14, 2009 IP
  8. Goramba

    Goramba Peon

    Messages:
    128
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Yeah that's interesting. If you would, try and echo $result and see the full query.

    It should try to process anything within the quotes of $find. If you had some other variable in there it would processes it, so why not <?php is strange. I can't get an output at all if I don't escape the < and > because naturally it tries to open and close the php tags. Wonder what would happen if you tried:
    $find = "?>";

    Or maybe I just have a setting on mine set to wacky. And yeah austin, now that I think about it that is kinda strange I have to do that. Either way Darden, what wd or I posted (if you have that wacky setting) should get you going.
     
    Goramba, Jul 14, 2009 IP
  9. ira123

    ira123 Peon

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    include \'iv_inline.php\' ?&gt;
     
    ira123, Jul 14, 2009 IP
  10. wd_2k6

    wd_2k6 Peon

    Messages:
    1,740
    Likes Received:
    54
    Best Answers:
    0
    Trophy Points:
    0
    #10
    I can't echo $result because it's a resource, but obivously if I try to echo the $find variable or the row found from the table then it tries to include the file.
    Here this is the exact code I used and it returns the data fine:
    
    <?
    include("connection.php");
    
    
    $find = "<?php include \'iv_inline.php\' ?>";
    $query = "SELECT * FROM find WHERE article LIKE '%$find%'";
    $result = mysql_query($query) or die(mysql_error());
    if(mysql_num_rows($result) > 0){
    	while($row = mysql_fetch_array($result)){
    		echo "Row ID:".$row['id']."<br />";
    		//The below line will not show on the document because it tries to include the file
    		echo "Row Value:".$row['article']."<br />";
    	}
    }
    else{
    	echo "<br />Rows were not found :(!";
    }
    ?>
    
    PHP:
     
    wd_2k6, Jul 14, 2009 IP
  11. Goramba

    Goramba Peon

    Messages:
    128
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #11
    lol, I even considered rewriting the request in case you didn't get what I was asking. yes it's a resource, but by echo it I mean the query you're sending, not just tack "echo" to the start of it. :)

    Hopefully what you posted works for him.
     
    Goramba, Jul 14, 2009 IP