Filtering Database Between a Max and Min with decimals

Discussion in 'PHP' started by mnymkr, Sep 5, 2008.

  1. #1
    I am looking for a secure PHP / SQL statement to filter a database between a min and max number.

    I want to make sure it doesn't deliver errors if a person does or does not use a decimal and if they enter a higher number for min.

    Thanks!
     
    mnymkr, Sep 5, 2008 IP
  2. jayshah

    jayshah Peon

    Messages:
    1,126
    Likes Received:
    68
    Best Answers:
    1
    Trophy Points:
    0
    #2
    http://www.php.net/is_numeric will check the inputs are numeric for you. If you don't do echo mysql_error(); in your code, the user would never see the SQL errors (if any).

    Jay
     
    jayshah, Sep 5, 2008 IP
  3. mnymkr

    mnymkr Well-Known Member

    Messages:
    2,328
    Likes Received:
    32
    Best Answers:
    0
    Trophy Points:
    120
    #3
    Is that sufficient to inject into a SQL query?

    What would be the proper query?
     
    mnymkr, Sep 5, 2008 IP
  4. jayshah

    #4
    Something like ...

    PHP:
    $min = 123.45;
    $max = 567.89;

    $min = mysql_real_escape_string($min);
    $max = mysql_real_escape_string($max);
    $query = "SELECT * FROM `table` WHERE `min` > $min AND `max` < $max";
    $result = mysql_query($query);
    // ... Continue processing here ...

    Jay
     
    jayshah, Sep 5, 2008 IP
  5. mnymkr

    #5
    Should I use is_numeric with that?
     
    mnymkr, Sep 5, 2008 IP
  6. jayshah

    #6
    If you want to test the data before you query the database with it, yes.

    Jay
     
    jayshah, Sep 5, 2008 IP
  7. mnymkr

    #7
    Sorry, I mean, where should I use is_numeric in the script above?
     
    mnymkr, Sep 5, 2008 IP
  8. jayshah

    #8
    After the values for $min and $max have been set, before mysql_real_escape_string.

    Jay
     
    jayshah, Sep 5, 2008 IP
  9. JAY6390

    JAY6390 Peon

    Messages:
    918
    Likes Received:
    31
    Best Answers:
    0
    Trophy Points:
    0
    #9
    PHP:
    $min = 123.45;
    $max = 567.89;

    if (is_numeric($min) && is_numeric($max))
    {
        $query = "SELECT * FROM `table` WHERE `min` > $min AND `max` < $max";
        $result = mysql_query($query);
        // ... Continue processing here ...
    } else {
        // ERROR CODE TO GO HERE
    }

    NOTE: If you use is_numeric() on the two values you will not need to escape the data with mysql_real_escape_string()
     
    JAY6390, Sep 5, 2008 IP
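
Added example, not part of any post in this thread: one way to cover both of the original poster's cases (input with or without a decimal, and a min that is higher than the max) while keeping the values out of the SQL text through bound parameters. The `items` table, its `price` column and the function names are hypothetical, and PDO with an in-memory SQLite database is assumed so the script runs offline; against MySQL only the DSN changes.

```php
<?php
declare(strict_types=1);

// Parse one bound: accepts "10", "10.5", " 7 "; rejects "", "abc", "1 OR 1=1".
function parseBound(string $raw): ?float
{
    $v = filter_var(trim($raw), FILTER_VALIDATE_FLOAT);
    return ($v === false || !is_finite($v)) ? null : $v;
}

// Returns [low, high] with the bounds ordered, or null if either is invalid.
function normalizeRange(string $rawMin, string $rawMax): ?array
{
    $min = parseBound($rawMin);
    $max = parseBound($rawMax);
    if ($min === null || $max === null) {
        return null;
    }
    return $min <= $max ? [$min, $max] : [$max, $min];
}

function findInRange(PDO $db, string $rawMin, string $rawMax): array
{
    $range = normalizeRange($rawMin, $rawMax);
    if ($range === null) {
        return []; // caller shows a generic "invalid range" message
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT name, price FROM items WHERE price BETWEEN :lo AND :hi ORDER BY price'
    );
    $stmt->execute([':lo' => $range[0], ':hi' => $range[1]]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (hypothetical table and rows).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT, price REAL)');
$db->exec("INSERT INTO items VALUES ('a', 99.99), ('b', 150), ('c', 567.5), ('d', 900)");

// Normal order, reversed order with decimals, and a non-numeric bound.
foreach ([['100', '600'], ['600.00', '100'], ['100', '1 OR 1=1']] as [$lo, $hi]) {
    printf("%s..%s => %d row(s)\n", $lo, $hi, count(findInRange($db, $lo, $hi)));
}
```

With `PDO::ERRMODE_EXCEPTION` set, database errors surface as exceptions that can be logged server-side instead of being echoed to the user.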