Motionreactor
says
I may be confused, but could you just use NOT BETWEEN '$start_date' AND '$end_date' to exclude rows with dates from a certain range? Then you wouldn’t need an ‘id’ specifier.

+1,

[edit]

OR maybe use $_REQUEST['id'] :p, Good Luck

I hope he is actually doing some input cleaning? Not just grabbing the GET or POST directly? Otherwise you’re open to SQL injection attacks.

steinikallinn
says
Any ideas?

Well, you could solve this on a code level instead. You could check if an ‘id’ has been set, and that set id matches something the query returned, then skip that id and continue with the next.

Example:
$sql = mysql_query("... the first query you presented ...");
while($data = mysql_fetch_array($sql))
{
    if(isset($_GET['id']) && $data['id'] == $_GET['id'])
      continue;

    // and then rest of your code...
}

Just to save you some time on this matter until a permanent query fix has been made. Btw, this if-check prevents SQL injection because you only compare it with database results instead of including it in the query.

bitfade
says
you just need to enclose 2nd and 3rd conditions into “()”, like this

select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing first.
Motionreactor
says
you just need to enclose 2nd and 3rd conditions into “()”, like this

select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing first.

What is the reasoning for this? Is there a rule when you should use it?

bitfade
says
What is the reasoning for this? Is there a rule when you should use it?
coz you’ll need to consider operator precedence too: AND is evaluated before OR, so even if ID != $id is false, if condition2 is true then the where clause will be true, which is wrong.
phpdude
says

Brackets…use them!

SELECT * FROM `table` WHERE ( (`start` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') OR (`end` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') ) AND `id` = '5'

rondog
says
you just need to enclose 2nd and 3rd conditions into “()”, like this

select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing first.

Thanks guys for all these suggestions. I will try them tonight. Regarding sanitizing, I always do except this is an admin panel for one guy so if he wants to SQL inject his own database go for it lol.

I am running mysql_real_escape_string on login and passwords and some other fields where the user will be inputting big blocks of text.

rondog
says
Brackets…use them! SELECT * FROM `table` WHERE ( (`start` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') OR (`end` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') ) AND `id` = '5'

Well that did the trick…go parens! Thanks dudes
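
The AND/OR precedence problem discussed in this thread and the parenthesized fix, with the id validated as an integer and every value bound as a parameter instead of interpolated into the SQL. This is an added example, not code from any poster in the thread: it assumes PHP with the pdo_sqlite extension, uses in-memory SQLite as a stand-in for MySQL, and the `events` table, its rows and the `overlapping()` helper are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; the "events" table and its rows are constructed.
function overlapping(PDO $pdo, $excludeId, string $from, string $to, bool $parens): array
{
    // Reject anything that is not an integer before it gets near the query.
    $id = filter_var($excludeId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $range = '`start` BETWEEN ? AND ? OR `end` BETWEEN ? AND ?';
    // Without parentheses the WHERE clause parses as (id != ? AND start ...) OR (end ...).
    $where = $parens ? "`id` != ? AND ($range)" : "`id` != ? AND $range";
    $stmt = $pdo->prepare("SELECT `id` FROM `events` WHERE $where ORDER BY `id`");
    $stmt->execute([$id, $from, $to, $from, $to]); // values are bound, never concatenated
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `events` (`id` INTEGER PRIMARY KEY, `start` TEXT, `end` TEXT)');
// Row 5 matches both date conditions, row 6 only the `end` condition, row 7 neither.
$pdo->exec("INSERT INTO `events` VALUES
    (5, '2010-02-10 00:00:00', '2010-02-12 00:00:00'),
    (6, '2010-01-20 00:00:00', '2010-03-01 00:00:00'),
    (7, '2010-06-01 00:00:00', '2010-06-02 00:00:00')");

$from = '2010-02-03 00:00:00';
$to   = '2010-04-03 00:00:00';

// Unparenthesized: the excluded row 5 still comes back through the OR branch.
echo 'no parens:   ', implode(',', overlapping($pdo, '5', $from, $to, false)), "\n";
// Parenthesized: the id filter applies to both date conditions.
echo 'with parens: ', implode(',', overlapping($pdo, '5', $from, $to, true)), "\n";

// A non-numeric id is refused instead of being passed on to the database.
try {
    overlapping($pdo, 'not-a-number', $from, $to, true);
} catch (InvalidArgumentException $e) {
    echo 'rejected:    ', $e->getMessage(), "\n";
}
```

With MySQL the same `prepare()`/`execute()` calls apply through the PDO MySQL driver; only the DSN changes.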
