Re: [PHP-DB] Newbie Question $2

2014-06-16 Thread Mike Stowe
Oh a few quick things. 

First, you can use substr to break up the phone instead of grabbing characters- 
might be a little easier to read long term. 

Secondly, mysql_real_escape_string will return the cleaned string, but doesn't 
change the original variable. So you'll need $phn = 
mysql_real_escape_string($phn);

Thirdly, anytime you use a single quote the string is interpreted literally. 
You'll want to switch out the single quotes with double quotes, and then wrap 
$phn in single quotes in order to not break your query. 

"Select ... Where phn = '$phn'"

I'd also really suggest looking at using PDO or even the mysqli extension tho 
instead of just plain mysql (believe this has been deprecated). 

Sorry for the quick reply, on mobile. But feel free to email me directly and 
I'll be happy to help out more. 

- Mike

Sent from my iPhone

> On Jun 16, 2014, at 7:58 PM, Ethan Rosenberg 
>  wrote:
> 
> Dear List -
> 
> I have the following code:
> 
> The input from the form is a 10 digit string [1234567890] which is converted 
> to phone number format [123-456-7890]
> 
> $phn = $_POST[phone];
> $phn = (string)$phn;
> $dsh = '-';
> $Phn = 
> $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$phn[6].$phn[7].$phn[8].$phn[9];
>  
>echo $Phn; // this is folded by Thunderbird.  In the script, it is //all 
> on one line
> 
>mysql_real_escape_string($Phn);
>$sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
>echo $sql1; //this always shows $phn as Phn and not as a numerical 
> //string.
>$result1 = mysqli_query($cxn, $sql1);
> 
> TIA
> 
> Ethan
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
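
The points in the reply above (substr for the formatting, validating the input, and PDO with a bound parameter instead of the mysql extension), as an added example that is not code from anyone in this thread. It assumes the pdo_sqlite driver so it can run stand-alone against an in-memory database in place of the poster's MySQL server; the function names formatPhone and findByPhone and the sample row are constructed for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the poster's MySQL server; only the DSN changes for MySQL.

/** Return NNN-NNN-NNNN for an input of exactly 10 digits, otherwise null. */
function formatPhone($raw)
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{10}\z/', $raw)) {
        return null;
    }
    return substr($raw, 0, 3) . '-' . substr($raw, 3, 3) . '-' . substr($raw, 6, 4);
}

/** Look up customers by phone with a bound parameter; the value never becomes SQL text. */
function findByPhone(PDO $pdo, $raw)
{
    $phone = formatPhone($raw);
    if ($phone === null) {
        return array(); // reject anything that is not 10 digits before touching the database
    }
    $stmt = $pdo->prepare('SELECT Lname, Fname FROM Customers WHERE Phone = :phone');
    $stmt->execute(array(':phone' => $phone));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Customers (Lname TEXT, Fname TEXT, Phone TEXT)');
$pdo->exec("INSERT INTO Customers VALUES ('Doe', 'Jane', '123-456-7890')"); // constructed row

// Single quotes: no interpolation, so the text contains the literal characters $phone.
$phone = '123-456-7890';
echo 'WHERE Phone = $phone', "\n";
// Double quotes interpolate, but the value is then part of the SQL text itself.
echo "WHERE Phone = '$phone'", "\n";

// Constructed inputs: a valid number, an already formatted one, and one containing
// a quote character that would break a query built by string interpolation.
foreach (array('1234567890', '123-456-7890', "12345'6789") as $input) {
    $rows = findByPhone($pdo, $input);
    printf("%-14s -> %d row(s)\n", $input, count($rows));
}
```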



Re: [PHP-DB] Newbie Question $2

2014-06-16 Thread Karl DeSaulniers
On Jun 16, 2014, at 10:05 PM, Karl DeSaulniers  wrote:

> On Jun 16, 2014, at 9:58 PM, Ethan Rosenberg 
>  wrote:
> 
>> Dear List -
>> 
>> I have the following code:
>> 
>> The input from the form is a 10 digit string [1234567890] which is converted 
>> to phone number format [123-456-7890]
>> 
>> $phn = $_POST[phone];
>> $phn = (string)$phn;
>> $dsh = '-';
>> $Phn = 
>> $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$phn[6].$phn[7].$phn[8].$phn[9];
>>  
>>   echo $Phn; // this is folded by Thunderbird.  In the script, it is //all 
>> on one line
>> 
>>   mysql_real_escape_string($Phn);
>>   $sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
>>   echo $sql1; //this always shows $phn as Phn and not as a numerical 
>> //string.
>>   $result1 = mysqli_query($cxn, $sql1);
>> 
>> TIA
>> 
>> Ethan
>> 
> 
> Well, from first glance you're combining mysql and mysqli. 
> Don't know if that is wise or permissible since I think mysql has been 
> deprecated. 
> Go with mysqli. Next you may want to try...
> 
> $sql1 = 'SELECT Lname, Fname FROM Customers WHERE Phone = '.$Phn;
> 
> Best,
> 
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
> 

Also, you may want to store the number in your database without the dash and 
just apply the dash when displaying the number in HTML.
Not that this is entirely necessary, more of a personal choice. 
If you have a large number of phone numbers stored, let's say, 
numbers with no dash take up less space in the grand scheme of things I guess.

Best,

Karl DeSaulniers
Design Drumm
http://designdrumm.com



Re: [PHP-DB] Newbie Question $2

2014-06-16 Thread Aziz Saleh
On Mon, Jun 16, 2014 at 10:58 PM, Ethan Rosenberg <
erosenb...@hygeiabiomedical.com> wrote:

> Dear List -
>
> I have the following code:
>
> The input from the form is a 10 digit string [1234567890] which is
> converted to phone number format [123-456-7890]
>
> $phn = $_POST[phone];
>  $phn = (string)$phn;
>  $dsh = '-';
>  $Phn = $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$
> phn[6].$phn[7].$phn[8].$phn[9];
> echo $Phn; // this is folded by Thunderbird.  In the script, it is
> //all on one line
>
> mysql_real_escape_string($Phn);
> $sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
> echo $sql1; //this always shows $phn as Phn and not as a numerical
> //string.
> $result1 = mysqli_query($cxn, $sql1);
>
> TIA
>
> Ethan
>
>
>
This page should help you:
http://www.php.net//manual/en/language.types.string.php understand the
difference between single and double quotes.


Re: [PHP-DB] Newbie Question $2

2014-06-16 Thread Karl DeSaulniers
On Jun 16, 2014, at 9:58 PM, Ethan Rosenberg  
wrote:

> Dear List -
> 
> I have the following code:
> 
> The input from the form is a 10 digit string [1234567890] which is converted 
> to phone number format [123-456-7890]
> 
> $phn = $_POST[phone];
> $phn = (string)$phn;
> $dsh = '-';
> $Phn = 
> $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$phn[6].$phn[7].$phn[8].$phn[9];
>  
>echo $Phn; // this is folded by Thunderbird.  In the script, it is //all 
> on one line
> 
>mysql_real_escape_string($Phn);
>$sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
>echo $sql1; //this always shows $phn as Phn and not as a numerical 
> //string.
>$result1 = mysqli_query($cxn, $sql1);
> 
> TIA
> 
> Ethan
> 

Well, from first glance you're combining mysql and mysqli. 
Don't know if that is wise or permissible since I think mysql has been 
deprecated. 
Go with mysqli. Next you may want to try...

$sql1 = 'SELECT Lname, Fname FROM Customers WHERE Phone = '.$Phn;

Best,

Karl DeSaulniers
Design Drumm
http://designdrumm.com



[PHP-DB] Newbie Question $2

2014-06-16 Thread Ethan Rosenberg

Dear List -

I have the following code:

The input from the form is a 10 digit string [1234567890] which is 
converted to phone number format [123-456-7890]


$phn = $_POST[phone];
 $phn = (string)$phn;
 $dsh = '-';
 $Phn = 
$phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$phn[6].$phn[7].$phn[8].$phn[9]; 

echo $Phn; // this is folded by Thunderbird.  In the script, it is 
//all on one line


mysql_real_escape_string($Phn);
$sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
echo $sql1; //this always shows $phn as Phn and not as a numerical 
//string.

$result1 = mysqli_query($cxn, $sql1);

TIA

Ethan
