I'm stuck with a strange problem. When I execute this query from phpMyAdmin it works fine and returns 2 results. But when we execute this query from a PHP page it returns 0 results.
$query = "SELECT distinct(vtiger_products.product_no) FROM `vtiger_products`
INNER JOIN vtiger_crmentity VC ON VC.crmid = vtiger_products.productid
inner join vtiger_tree_product vtp on vtiger_products.productid = vtp.productid";
$custom_conditions = ' cf.cf_1399 = "'.$_REQUEST['size'].'"';
$temp ='Where vtiger_products.hisotrization_status='Current'
AND vtiger_products.productid > 0
AND VC.deleted = 0
AND vtp.nodeid in (425,426,427,428,430,431,457,458,459,460,480,488,502,510,514,515,516,517,518,519,520,521,525,526,527,528,529)';
if ($custom_conditions) {
$query .= " inner JOIN vtiger_productcf cf on cf.productid = vtiger_products.productid ";
$conditions .= " AND ( " . str_replace('""','\""',str_replace("''","\''",$custom_conditions)) . " ) ";
}
$query = $query.$temp . $conditions;
SELECT distinct(vtiger_products.product_no) FROM `vtiger_products`
INNER JOIN vtiger_crmentity VC ON VC.crmid = vtiger_products.productid
inner join vtiger_tree_product vtp on vtiger_products.productid = vtp.productid
inner JOIN vtiger_productcf cf on cf.productid = vtiger_products.productid
Where vtiger_products.hisotrization_status='Current'
AND vtiger_products.productid > 0
AND VC.deleted = 0
AND vtp.nodeid in (425,426,427,428,430,431,457,458,459,460,480,488,502,510,514,515,516,517,518,519,520,521,525,526,527,528,529)
AND ( cf.cf_1399 = "20'" );
Waiting for your response. Thanks.
You can pass the PHP variables into the query by using the function mysql_real_escape_string (escapes special characters in a string for use in an SQL statement).
e.g. mysql_real_escape_string($user);
Plain and simple:
Wrong:
$query = '... set test = 'blah' where ...'; (' before blah terminates the string)
Solution 1:
$query = '... set test = \'blah\' where ...'; (escaping)
Solution 2:
$query = "... set test = 'blah' where ..."; (double quotes aren't terminated by single quotes)
Please note that "Hello, $test !" evaluates $test while 'Hello, $test !' does not.
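An added example (not code from the question or from either answer): the question's query rebuilt with PDO prepared statements, so a size value such as 20' is bound as data and no PHP or SQL quoting has to be balanced by hand. The in-memory SQLite database, its rows, and the function name findProductNos are assumptions made so the script runs offline; the same prepare/bind calls apply with a MySQL DSN.

```php
<?php
// Added example. Constructed tables and rows in an in-memory SQLite database
// (assumes pdo_sqlite); table and column names are taken from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE vtiger_products (productid INTEGER, product_no TEXT, hisotrization_status TEXT)");
$pdo->exec("CREATE TABLE vtiger_crmentity (crmid INTEGER, deleted INTEGER)");
$pdo->exec("CREATE TABLE vtiger_tree_product (productid INTEGER, nodeid INTEGER)");
$pdo->exec("CREATE TABLE vtiger_productcf (productid INTEGER, cf_1399 TEXT)");
$pdo->exec("INSERT INTO vtiger_products VALUES (1,'PRO1','Current'),(2,'PRO2','Current'),(3,'PRO3','Old')");
$pdo->exec("INSERT INTO vtiger_crmentity VALUES (1,0),(2,0),(3,0)");
$pdo->exec("INSERT INTO vtiger_tree_product VALUES (1,425),(2,426),(3,427)");
// The stored size is 20' (with a literal quote), written as '20''' in SQL.
$pdo->exec("INSERT INTO vtiger_productcf VALUES (1,'20'''),(2,'20'''),(3,'20''')");

function findProductNos(PDO $pdo, array $nodeIds, ?string $size): array
{
    if (!$nodeIds) { return []; }   // an empty IN () list is invalid in MySQL
    // One placeholder per node id; no request value ever enters the SQL text.
    $in = implode(',', array_fill(0, count($nodeIds), '?'));
    $sql = "SELECT DISTINCT p.product_no FROM vtiger_products p
            INNER JOIN vtiger_crmentity VC ON VC.crmid = p.productid
            INNER JOIN vtiger_tree_product vtp ON p.productid = vtp.productid";
    $where = " WHERE p.hisotrization_status = 'Current'
               AND p.productid > 0 AND VC.deleted = 0 AND vtp.nodeid IN ($in)";
    $hasSize = $size !== null && $size !== '';
    if ($hasSize) {                 // optional custom-field filter, as in the question
        $sql .= " INNER JOIN vtiger_productcf cf ON cf.productid = p.productid";
        $where .= " AND cf.cf_1399 = ?";
    }
    $stmt = $pdo->prepare($sql . $where . " ORDER BY p.product_no");
    $i = 1;
    foreach ($nodeIds as $id) {
        $stmt->bindValue($i++, (int) $id, PDO::PARAM_INT);
    }
    if ($hasSize) {
        $stmt->bindValue($i, $size, PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Stand-in for $_REQUEST['size']: the value from the question, quote included.
$size = "20'";
print_r(findProductNos($pdo, [425, 426, 427], $size));
```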