Before you consider this as a duplicate please go through the code. I have tried to avoid SQL injection by placing mysqli_escape_string($....).
$detail_ralb = $_GET['ralb'];
$detail_type = $_GET['type'];
$detail_machine = $_GET['machine_name'];
$detail_name = $_GET['p_name'];
if(empty($detail_ralb))
{
$detail_ralb='0';
}
$data=("SELECT DISTINCT p.ralb, p.Manufacturer, p.Model, p.operating_system, p.type, p.machine_name, p.maintenance, p.Scrapped, concat(forename,' ',surname), u.forename, u.surname from ppd_items as p
INNER JOIN log_times as lt
ON lt.machine_name = p.machine_name
INNER JOIN user as u
ON lt.fed_id = u.fedID
ORDER BY lt.login_date DESC
WHERE ralb = '". mysqli_escape_string($conn,$detail_ralb) ."'");
$records= mysqli_query($conn, $data);
while($ral_b = mysqli_fetch_assoc($records))
Please Help!
Answer
Your query is not correct. The WHERE clause must be before the ORDER BY clause.
$data=("SELECT DISTINCT p.ralb, p.Manufacturer, p.Model, p.operating_system, p.type, p.machine_name, p.maintenance, p.Scrapped, concat(forename,' ',surname), u.forename, u.surname from ppd_items as p
INNER JOIN log_times as lt
ON lt.machine_name = p.machine_name
INNER JOIN user as u
ON lt.fed_id = u.fedID
WHERE ralb = '". mysqli_escape_string($conn,$detail_ralb) ."'
ORDER BY lt.login_date DESC");
EDIT:
Three things:
First: are you sure it is u.fedID and not u.fed_id?
Second: remove the () and just use $data = query; and not $data = (query);
Third: I changed the concatenation just to be sure.
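// Every request value is escaped and quoted before concatenation; machine_name exists in both joined tables, so the filter columns are qualified.
$data="SELECT DISTINCT p.ralb, p.Manufacturer, p.Model, p.operating_system, p.type, p.machine_name, p.maintenance, p.Scrapped, concat(forename,' ',surname), u.forename, u.surname
FROM ppd_items as p
INNER JOIN log_times as lt ON lt.machine_name = p.machine_name
INNER JOIN user as u ON lt.fed_id = u.fed_id
WHERE p.ralb = '".mysqli_escape_string($conn,$detail_ralb)."' OR p.machine_name = '".mysqli_escape_string($conn,$detail_machine)."' OR p.type = '".mysqli_escape_string($conn,$detail_type)."' OR concat(forename,' ',surname) = '".mysqli_escape_string($conn,$detail_name)."'
ORDER BY lt.login_date DESC";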
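The same lookup written with a mysqli prepared statement, so that no request value is concatenated into the SQL text. This is an added example, not code from the question or the answer: build_item_query() and fetch_items() are hypothetical helpers, the join on u.fedID follows the question's code, and filtering only on the parameters that are actually supplied goes beyond the answer's fixed four-way OR.

```php
<?php
// Added example. Table and column names are taken from the question;
// u.fedID is assumed to be the real column name (the answer questions it).
const FILTERS = [   // GET parameter => qualified column or expression it filters on
    'ralb'         => 'p.ralb',
    'machine_name' => 'p.machine_name',
    'type'         => 'p.type',
    'p_name'       => "CONCAT(u.forename, ' ', u.surname)",
];

// Build the SQL with one "?" per supplied filter; the values travel separately.
function build_item_query(array $get): array
{
    $where = $values = [];
    foreach (FILTERS as $param => $column) {
        // Skip missing, empty and non-string input (e.g. ?type[]=x arrives as an array).
        if (isset($get[$param]) && is_string($get[$param]) && $get[$param] !== '') {
            $where[]  = "$column = ?";
            $values[] = $get[$param];
        }
    }
    if ($where === []) {            // same fallback as the question: ralb '0'
        $where[]  = 'p.ralb = ?';
        $values[] = '0';
    }
    $sql = "SELECT DISTINCT p.ralb, p.Manufacturer, p.Model, p.operating_system, p.type,
                   p.machine_name, p.maintenance, p.Scrapped, u.forename, u.surname
            FROM ppd_items AS p
            INNER JOIN log_times AS lt ON lt.machine_name = p.machine_name
            INNER JOIN user AS u ON lt.fed_id = u.fedID
            WHERE " . implode(' OR ', $where) . "
            ORDER BY lt.login_date DESC";   // WHERE comes before ORDER BY
    return [$sql, $values];
}

// Prepare, bind every value as a string ("s"), execute, and return all rows.
function fetch_items(mysqli $conn, array $get): array
{
    [$sql, $values] = build_item_query($get);
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($conn));
    }
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);   // needs the mysqlnd driver
    return mysqli_fetch_all($result, MYSQLI_ASSOC);
}
// Constructed request: the quote stays data because it never enters the SQL text.
[$sql, $values] = build_item_query(['machine_name' => "lab'01", 'type' => ['x']]);
echo $sql, "\n", json_encode($values), "\n";
```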