Home/ Questions/Q 7187321
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T18:49:10+00:00

I am trying to use session variable( $_SESSION[‘asc_id’] , which holds some value like

  • 0

I am trying to use session variable($_SESSION['asc_id'], which holds some value like “AS0027001”) in an SQL statement, but it is not working.
When I hardcode the value, it is providing results.

Can anyone please correct me.

MySQL query which is not working

$asc_id = $_SESSION['asc_id'];

$rs = mysql_query('select asc_lastname, asc_firstname, asc_middlename, lname_fname_dob
                     from issio_asc_workers where asc_user_type = 31
                      and asc_id  = "$asc_id"
                      and lname_fname_dob like "' .
                      mysql_real_escape_string($_REQUEST['term']) .
                      '%"  order by lname_fname_dob asc limit 0,10', $dblink);

Mysql query which is working

$rs = mysql_query('select asc_lastname, asc_firstname, asc_middlename, lname_fname_dob 
                     from issio_asc_workers where asc_user_type = 31
                      and asc_id  = "AS0027001" and lname_fname_dob like "' .
                      mysql_real_escape_string($_REQUEST['term']) .
                      '%"  order by lname_fname_dob asc limit 0,10', $dblink);
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When you print the strings, it will be clear. When the question is reformatted to leave the SQL readable, the problem is clear. (The first rule for debugging SQL statements is “print the string”. A second rule, that makes it easier to comply with the first, is always put the SQL statements into a string which you pass to the SQL function.)

    You use the . notation to embed the request term in the string; you don’t use that to embed the $asc_id into the string. You should also use mysql_real_escape_string() on the session ID value to prevent SQL injection.

    • 0