In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] writes:

> Don't do an "@usrDays", just stick the number in there so that the 
> statement you create looks exactly like the one you tested with.

> If you get a "number" from a user from a form, just put that value into 
> the string. For instance if the user enters 43 into a field on the first 
> page, put 43 into the query. 

> Let's imagine that you get the value 43 into a variable (off of the 
> request) called $daterange...
> and let's imagine that you build your query into a variable called $query

> I think this is how you would build the correct query (my PHP is rusty):

> $query = "SELECT DateEntry from Entry_table WHERE DateEntry >= 
> DATE_SUB(CURDATE(), INTERVAL ". $daterange." day)";

> See? Pretend you are a typist and BUILD the string as you want it 
> executed. Then do it.

I think this is bad advice, even for a novice like Stuart, because it
is susceptible to SQL injection attacks.  I don't know if PHP has
prepared statements like Perl DBI; if not, $daterange should either be
quoted or checked in PHP if it's really a number.


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]

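To make the objection above concrete, here is the quoted string-building approach next to the two fixes the reply mentions (a prepared statement, and checking the value is really a number), written in PHP with the mysqli extension. This is an added example, not code from either poster. It assumes a reachable MySQL server and a table `Entry_table` with a `DateEntry` column; the host, credentials and database name are placeholders, and the request-field name `daterange` is taken from the quoted message.

```php
<?php
// Added example (not from the thread). Assumes MySQL with Entry_table(DateEntry)
// and placeholder connection details.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$mysqli = new mysqli('localhost', 'dbuser', 'dbpass', 'mydb');

// VULNERABLE: the quoted advice, as written. $daterange is dropped straight
// into the SQL text. If the request carries
//     daterange = "0 DAY) OR 1=1 -- "
// the statement becomes
//     ... WHERE DateEntry >= DATE_SUB(CURDATE(), INTERVAL 0 DAY) OR 1=1 -- day)
// and every row in the table comes back; other payloads can go much further.
function fetchEntriesUnsafe(mysqli $db, string $daterange): array
{
    $query = "SELECT DateEntry FROM Entry_table WHERE DateEntry >= "
           . "DATE_SUB(CURDATE(), INTERVAL " . $daterange . " day)";
    return $db->query($query)->fetch_all(MYSQLI_ASSOC);
}

// FIX 1: a prepared statement. The SQL text is fixed when prepare() runs;
// the value is sent separately and bound as an integer ('i'), so no input
// can alter the statement's structure. MySQL accepts a parameter marker
// inside INTERVAL ? DAY.
function fetchEntries(mysqli $db, int $days): array
{
    $stmt = $db->prepare(
        "SELECT DateEntry FROM Entry_table WHERE DateEntry >= "
      . "DATE_SUB(CURDATE(), INTERVAL ? DAY)"
    );
    $stmt->bind_param('i', $days);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// FIX 2: check that the request value really is a number before it gets
// anywhere near the query. FILTER_VALIDATE_INT rejects "43 DAY) OR 1=1",
// "1e3", " 43" and the like, which is_numeric() would let through; the
// range limits are an assumption about what a sensible report window is.
function daysFromRequest(array $request, string $key = 'daterange'): int
{
    $days = filter_var(
        $request[$key] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 3650]]
    );
    if ($days === false) {
        throw new InvalidArgumentException(
            "$key must be an integer between 0 and 3650"
        );
    }
    return $days;
}

// Usage: validate first, then bind. Using both fixes together costs nothing
// and means a later edit to the query cannot quietly reintroduce the hole.
$days = daysFromRequest($_GET);
foreach (fetchEntries($mysqli, $days) as $row) {
    echo $row['DateEntry'], "\n";
}
```

The "quote it" option the reply also mentions (wrapping the value in single quotes and escaping it) does close this particular hole, since MySQL accepts `INTERVAL '43' DAY`, but it depends on the escaping being applied on every path that builds the string; the bound parameter removes that dependency, and the integer check documents what the input is supposed to be.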