I have a single session variable of AgreeNum that dynamically inserts into my PHP based MySQL query. I am trying to add a second session variable called AgreeNum and cannot figure out the correct syntax to add the second variable? Here is the snippet, everytime I try to add AND after the WHERE clause it blows up:
$ParamAgreeNum_WADAsarenewals = "-1";
if (isset($_GET['AgreeNum'])) {
$ParamAgreeNum_WADAsarenewals = (get_magic_quotes_gpc()) ? $_GET['AgreeNum'] : addslashes($_GET['AgreeNum']);
}
$ParamEmail_WADAsarenewals = "-1";
if (isset($_GET['Email'])) {
$ParamEmail_WADAsarenewals = (get_magic_quotes_gpc()) ? $_GET['Email'] : addslashes($_GET['Email']);
}
mysql_select_db($database_home, $home);
$query_WADAsarenewals = sprintf("SELECT AgreeNum, sName, Address1, CityStZip, Email, EffectiveDate, Year1, Year2, Year3, Year4, YearPick, authid, ccinfo FROM sarenewals WHERE AgreeNum = %s", GetSQLValueString($ParamAgreeNum_WADAsarenewals, "text"));
I tried to update with this on the sprintf and it does not work:
$query_WADAsarenewals = sprintf("SELECT AgreeNum, sName, Address1, CityStZip, Email, EffectiveDate, Year1, Year2, Year3, Year4, YearPick, authid, ccinfo FROM sarenewals WHERE AgreeNum = %s", GetSQLValueString($ParamAgreeNum_WADAsarenewals, "text") " AND Email = %s", GetSQLValueString($ParamEmail_WADAsarenewals, "text"));
You have to write the full string, before passing through the variables that are used as arguments: