I'm sure this is an easy question, probably syntax, but could someone tell me why I keep getting a
Unknown column 'Used' in 'where clause'
error with this script.
I'm trying to pass the values either 'New' or 'Used', with a link, then assign the value to $age, and then search my db for all the records where column cond = $age.

<?php
//$age=$_GET['age'];
$age = "Used";

$db = mysql_connect("localhost", "gunalley_lookup");
mysql_select_db("gunalley_guns");
$result = mysql_query("SELECT * FROM guns WHERE cond = $age",$db) or die(mysql_error());

if ($myrow = mysql_fetch_array($result)) {

do {
echo "<center><table border=\"1\" width=\"400\"><tr><td rowspan=3><img src=\"", $myrow["image"], "\"></td><td>", $myrow["manu"], "</td><td>", $myrow["modle"], "</td><td>", $myrow["cal"],"</td></tr>";
echo "<tr><td>", $myrow["cond"], "</td><td>", $myrow["clipNum"], " ", "</td></tr>";
echo "<tr><td colspan=\"3\" height=\"40\">", $myrow["notes"], "</td></tr></table><br>";

} while ($myrow = mysql_fetch_array($result));

} else {

echo "Sorry, no records were found!";

}

?>

    Hi there,

    Try it with single quotes around your variable instead:

    $result = mysql_query("SELECT * FROM guns WHERE cond = '$age'",$db) or die(mysql_error());

    Kind regards,
    Simon.

      works great! thanks.
      BTW, as far as simple php scripts go, would this be considered a good one?
      light, fast, secure?

        Looks fine to me. If you only have two possible values for $_GET['age'] - "New" or "Used" - then you might want to put a sanity check in there:

        if(($_GET['age'] != "New") && ($_GET['age'] != "Used"))
        {
        echo "Invalid input parameter";
        exit;
        }
        

        As you're not feeding any user input into your database with this script, it's not necessary. It's just that wherever possible, if a user can change the parameters received by a script by altering $_GET or $_POST parameters, I like to let them know that they shouldn't be doing it and that I'm checking for it.

        Best wishes,
        Simon.
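
The quoting fix and the sanity check from this thread combined into one script, as an added example that is not part of any post above. It assumes PDO (the `mysql_*` functions used in the thread were removed in PHP 7) and an in-memory SQLite database with constructed rows so that it runs offline; `find_by_condition` and `render_row` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Uses an in-memory SQLite database
// (assumption) so it runs offline; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE guns (manu TEXT, modle TEXT, cal TEXT, cond TEXT, notes TEXT)");
$db->exec("INSERT INTO guns VALUES
    ('Acme', 'M1', '9mm', 'Used', 'Constructed row <b>with markup</b>'),
    ('Acme', 'M2', '.45', 'New',  'Constructed row')");

// Allow-list: the only values the link is supposed to send.
const ALLOWED_COND = ['New', 'Used'];

function find_by_condition(PDO $db, $age): array
{
    // Reject arrays (?age[]=x) and anything outside the allow-list.
    if (!is_string($age) || !in_array($age, ALLOWED_COND, true)) {
        throw new InvalidArgumentException('Invalid input parameter');
    }
    // The placeholder keeps the value out of the SQL text, so a quoting
    // mistake like the "Unknown column" error above cannot occur.
    $stmt = $db->prepare('SELECT manu, modle, cal, cond, notes FROM guns WHERE cond = :cond');
    $stmt->execute([':cond' => $age]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_row(array $row): string
{
    // Escape every database value before it reaches the HTML.
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return '<tr><td>' . $e($row['manu']) . '</td><td>' . $e($row['modle'])
         . '</td><td>' . $e($row['cal']) . '</td><td>' . $e($row['cond'])
         . '</td><td>' . $e($row['notes']) . "</td></tr>\n";
}

// Constructed inputs: a valid value, a value outside the list, and an array.
foreach (['Used', 'Antique', ['Used']] as $input) {
    try {
        foreach (find_by_condition($db, $input) as $row) {
            echo render_row($row);
        }
    } catch (InvalidArgumentException $ex) {
        echo $ex->getMessage(), "\n";
    }
}
```

In a real page `$input` would come from `$_GET['age'] ?? null`; the markup in the first row's notes is printed as escaped text rather than interpreted by the browser.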
