Home/ Questions/Q 6550829
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T12:15:49+00:00

I am developing a real estate script. The script has a search option where

  • 0

I am developing a real estate script. The script has a search option where an user can specify the price range eg. user_price_low to user_price_high and the listings have to be fetched from a database, which has eg. db_price_high and db_price_low.

I used a BETWEEN statement trying to find the matches,

WHERE price_low BETWEEN '.$_REQUEST['minprice_buy'].' AND '.$_REQUEST['maxprice_buy']

but to my surprise…

If an user has user_price_high = 60 and user_price_low = 20
AND
the record has db_price_low = 30 and db_price_high = 120

my query is invalid in this case.

i tried looking at MySql Query- Date Range within a Date Range but does that match what I want?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Chandan, never ever input $_* functions directly into a query. It’s an SQL-injection hole.

    Change the code to: 

    $min_price = mysql_real_escape_string($_REQUEST['minprice_buy']);
$max_price = mysql_real_escape_string($_REQUEST['maxprice_buy']);
$query = "SELECT whatever 
          FROM whichever 
          WHERE price_low BETWEEN '$min_price' AND '$max_price' ";
// Dont forget these quotes       ^          ^     ^          ^
// Or mysql_real_escape_string() will not work!.

    With regards to your question, change the query to something like:

    WHERE '$min_price' BETWEEN price_low AND price_high 
  AND '$max_price' BETWEEN price_low AND price_high

    You may also want to consider:

    WHERE ('$min_price' BETWEEN price_low AND price_high) 
  OR  ('$max_price' BETWEEN price_low AND price_high)

    Here min_price and max_price don’t need to both be in the range at all times.

    See: How does the SQL injection from the "Bobby Tables" XKCD comic work?

    • 0