Member Avatar for old_apache

hello fellas

i'm stuck in this function:

function getDataForPagination() {

        $sql = "select * from t_book limit 1, 15;

        $result = mysql_query($sql);

        if (!$result)
            return false;

        $num_rows = mysql_num_rows($result);
        if ($num_rows == 0)
            return false;

        $result = dbResultToArray2($result);
        return $result;
}

i want to make the above function more flexible by making it a function with parameters. I made it like this:
`

function getDataForPagination($table, $start, $amount) {

        $sql = "select * '".$table."' limit '". $start ."' , '". $amount ."'";

        $result = mysql_query($sql);

        if (!$result)
            return false;

        $num_rows = mysql_num_rows($result);
        if ($num_rows == 0)
            return false;

        $result = dbResultToArray2($result);
        return $result;
    }

But, it does not work

any help would be appreciated

  • 2 Contributors
  • 4 Replies
  • 205 Views
  • 2 Hours Discussion Span
  • Latest Post Latest Post by old_apache

Recommended Answers

All 4 Replies

Member Avatar for |-|x

You don't need single quotes around your variables inserted in the sql string - there weren't single quotes in the original, and adding them makes the table name and limiters string values.

Echo your sql string to the page so you can see it and copy/run it manually to check that it works.

Member Avatar for old_apache

thanks,

but why this works well?

$sql = "select * from fk_00_m_buku where id_buku='". $id_book ."'";
Member Avatar for |-|x

Because id_buku is being compared to a string value, which is ok. The table name fk_00_m_buku is not a string, and if you were to add limits to this query they need to be integers not strings.

In the previous query you were creating the table name and limit values as strings, which wont work. String values for comparison (WHERE clause) do need to have quotes.

I feel like maybe I'm not explaining this clearly enough, but not sure how else to put it. You need to take a look at the result SQL query of those you are producing so that you can better see the differences.

your initial query

$table = "t_book";
$start = 1;
$amount = 15;

$sql = "select * '".$table."' limit '". $start ."' , '". $amount ."'";

echo $sql;

//output result is...
select * 't_book' limit '1' , '15'

//Correct syntax should be...
select * from t_book limit 1 , 15

second example

$id_book = "A";

$sql = "select * from fk_00_m_buku where id_buku='". $id_book ."'";

//output is OK ...

select * from fk_00_m_buku where id_buku='A';

NOTE

This second query is treating the book_id as a string, if this is supposed to be a number (is an integer in the database) MySQL is capable of implicitly converting '1' to 1 for the comparison - however, it is better practice to not use quotes and pass the value as an integer yourself.

You only need to use quotes ' when you are referencing actual string type data values - not for identifiers, names, non-string type data, etc.

Edited by |-|x because: link
Member Avatar for old_apache

now i get it, you explained it well

tyvm

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.