Home/ Questions/Q 7178161
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T16:51:54+00:00

Newbie here. The following function works fine when $color refers to an entry in

  • 0

Newbie here. The following function works fine when $color refers to an entry in the “style” field that is numberic e.g. “5000”. But if the entry is “5000B” or letters entirely, it can’t find it. Is this an indexing problem?

    function get_shirt_colors_by_style($color)
    {
db_connect();

    $query = "SELECT style,sanmar_mainframe_color,unique_key,color_square_image 
              FROM sanmar_products WHERE style=$color 
              GROUP BY style ORDER BY style";

    $result = mysql_query($query);
    $data = mysql_fetch_array($result);

    return $data;
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It is failing to find alphanumeric comnbinations because the string is not quoted:

    $query = "SELECT style,sanmar_mainframe_color,unique_key,color_square_image FROM sanmar_products WHERE style='$color' GROUP BY style ORDER BY style";
//-----------------------------------------------------------------------------------------------------------^^^^^^^^^

    Numeric values need not be quoted in a MySQL query, but string values must always be surrounded in single quotes like '5000B'.

    We assume the value of $color has already been escaped against SQL injection:

    // Hopefully this happened already.
// If not, do it before running mysql_query()
$color = mysql_real_escape_string($color);
    • 0