-1

$id = $_GET['id'];

$getfile = $db->query('select * from file where id = '.$id, database::GET_ROW);
$folq = $db->query("select id as pid,folder,name as catname,name,thumb,pathc from category where id = ".$parentid, database::GET_ROW);

When I used mysql_real_escape_string() I got an error message on my web site:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' line 1

1 Answer

-1

Before running the database queries, perform mysql_real_escape_string on the inputs:

$id = mysql_real_escape_string($id);
$parentid = mysql_real_escape_string($parentid);
$getfile = $db->query('select * from file where id = '.$id, database::GET_ROW);
$folq = $db->query("select id as pid,folder,name as catname,name,thumb,pathc from category where id = ".$parentid, database::GET_ROW);
gurudeb
  • Can you paste the query string that is working fine? – gurudeb Feb 08 '14 at 04:21
  • I think the issue is not with mysql_real_escape_string... echo the value of $id... it should not get blank value. – gurudeb Feb 08 '14 at 04:24
  • Downvoting any question or answer without providing reason is NOT a good gesture. If you (whoever downvoted this) are downvoting any question or answer, please provide proper justification so that I can improve myself. – gurudeb Feb 08 '14 at 07:55
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by rand() limit 3' at line 1 – user3286153 Feb 08 '14 at 08:27
  • include 'includes/config.php'; include 'header.php'; $id = $_GET['id']; $getfile = $db->query('select * from file where id = '.$id, database::GET_ROW); $folq = $db->query("select id as pid,folder,name as catname,name,thumb,pathc from category where id = ".$parentid, database::GET_ROW); – user3286153 Feb 08 '14 at 08:29
  • The code block you pasted doesn't have "order by rand() limit 3"... echo $id before passing it to the query... is there any other code related to it? – gurudeb Feb 08 '14 at 09:03
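
An added example, not code from the question or the answer: mysql_real_escape_string() only escapes characters that matter inside a quoted string literal, so it neither constrains an unquoted numeric value nor supplies one when the input is empty, in which case the concatenated statement simply ends at `id = `. The sketch below validates the id as an integer and binds it as a parameter instead. Assumptions: PDO with an in-memory SQLite database stands in for the page's `$db` wrapper, the table rows are constructed sample data, and `parse_id()` and `get_file()` are hypothetical helper names.

```php
<?php
// PDO + in-memory SQLite stands in for the page's $db wrapper (assumption).
// The rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE file (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO file (id, name) VALUES (1, 'a.zip'), (2, 'b.zip')");

/**
 * Hypothetical helper: accept only a positive decimal integer.
 * Returns the int, or null for missing, empty or non-numeric input.
 */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Hypothetical helper: fetch one row using a bound parameter. */
function get_file(PDO $pdo, $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null; // caller should answer 400/404 instead of querying
    }
    // The value travels separately from the SQL text, so it can never
    // change the structure of the statement.
    $stmt = $pdo->prepare('SELECT * FROM file WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '', null, 'abc', '2 trailing text'] as $raw) {
    // What the page's string concatenation would have sent to the server:
    $concatenated = 'select * from file where id = ' . $raw;
    $row = get_file($pdo, $raw);
    printf("%-18s | %-46s | %s\n", var_export($raw, true), $concatenated,
        $row ? $row['name'] : 'rejected before querying');
}
```

The same check applies to `$parentid`, which the posted snippet uses in the second query without ever assigning it.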