0

Hi

I have a single search field ' agent_name' in a form which is a dropdown field of data based on the concatonation of 2 fields: reg_fname and reg_lname

When I do the SELECT Query though I'm getting a bit mixed up.....

The data from reg_fname & reg_lname does not go into fullname
Also for obvious reasons I cant' compare what is selected in the field agent_name with fullname.....

But I don't know how else to go about this?

SELECT DISTINCT DEV_user_registration.reg_fname + ' ' +  DEV_user_registration.reg_lname AS DEV_user_registration.fullname 
FROM DEV_user_registration 
WHERE DEV_user_registration.reg_agent = 'Yes' 
AND DEV_user_registration_fullname = '$_GET[agent_name]' ";

Any help would be great....thank you

4
Contributors
9
Replies
10
Views
5 Years
Discussion Span
Last Post by ebanbury
0

Is fullname alos a columnname in the table or just an alias u r giving to the concatenation of fname and lname

if it is a column name then I guess it wont go into the column else if it an alias then try below code

SELECT DISTINCT DEV_user_registration.reg_fname + ' ' + DEV_user_registration.reg_lname AS 'Fullname'
FROM DEV_user_registration
WHERE DEV_user_registration.reg_agent = 'Yes'
AND DEV_user_registration.reg_fname + ' ' + DEV_user_registration.reg_lname = '$_GET[agent_name]' ";

I guess it shud be this way

0

Thanks I'll try it.
Yes it is an alias. The column fullname doesnt' actually exist.

0

The + operator does not concatenate strings. Use Concat() instead.
And beware of SQL injection. $_GET[agent_name] is likely to get you into trouble

0

The $_GET is from a dropdown list of options dynamically taken form the db table and validated - so hopefully should be ok.?

0

Unfiltered use of $_GET variables in SQL statements opens a door for SQL injection. It does not matter if the values are checked against a reference table - when it comes to checking, the harm has already been done.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.