0

hello fellas

i'm stuck in this function:

function getDataForPagination() {

        $sql = "select * from t_book limit 1, 15;

        $result = mysql_query($sql);

        if (!$result)
            return false;

        $num_rows = mysql_num_rows($result);
        if ($num_rows == 0)
            return false;

        $result = dbResultToArray2($result);
        return $result;
}

i want to make the above function more flexible by making it a function with parameters. I made it like this:
`

function getDataForPagination($table, $start, $amount) {

        $sql = "select * '".$table."' limit '". $start ."' , '". $amount ."'";

        $result = mysql_query($sql);

        if (!$result)
            return false;

        $num_rows = mysql_num_rows($result);
        if ($num_rows == 0)
            return false;

        $result = dbResultToArray2($result);
        return $result;
    }

But, it does not work

any help would be appreciated

2
Contributors
4
Replies
27
Views
4 Years
Discussion Span
Last Post by old_apache
1

You don't need single quotes around your variables inserted in the sql string - there weren't single quotes in the original, and adding them makes the table name and limiters string values.

Echo your sql string to the page so you can see it and copy/run it manually to check that it works.

0

thanks,

but why this works well?

$sql = "select * from fk_00_m_buku where id_buku='". $id_book ."'";
1

Because id_buku is being compared to a string value, which is ok. The table name fk_00_m_buku is not a string, and if you were to add limits to this query they need to be integers not strings.

In the previous query you were creating the table name and limit values as strings, which wont work. String values for comparison (WHERE clause) do need to have quotes.

I feel like maybe I'm not explaining this clearly enough, but not sure how else to put it. You need to take a look at the result SQL query of those you are producing so that you can better see the differences.

your initial query

$table = "t_book";
$start = 1;
$amount = 15;

$sql = "select * '".$table."' limit '". $start ."' , '". $amount ."'";

echo $sql;

//output result is...
select * 't_book' limit '1' , '15'

//Correct syntax should be...
select * from t_book limit 1 , 15

second example

$id_book = "A";

$sql = "select * from fk_00_m_buku where id_buku='". $id_book ."'";

//output is OK ...

select * from fk_00_m_buku where id_buku='A';

NOTE

This second query is treating the book_id as a string, if this is supposed to be a number (is an integer in the database) MySQL is capable of implicitly converting '1' to 1 for the comparison - however, it is better practice to not use quotes and pass the value as an integer yourself.

You only need to use quotes ' when you are referencing actual string type data values - not for identifiers, names, non-string type data, etc.

Edited by |-|x: link

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.