I may be confused, but could you just use NOT BETWEEN '$start_date' AND '$end_date' to exclude rows with dates from a certain range? Then you wouldn’t need an ‘id’ specifier.
+1,
[edit]
OR maybe use $_REQUEST['id'], Good Luck
I hope he is actually doing some input cleaning? Not just grabbing the GET or POST directly? Otherwise you’re open to SQL injection attacks.
Any ideas?
Well, you could solve this on a code level instead. You could check if an ‘id’ has been set, and that set id matches something the query returned, then skip that id and continue with the next.
Example:
$sql = mysql_query("... the first query you presented ...");
while ($data = mysql_fetch_array($sql))
{
    if (isset($_GET['id']) && $data['id'] == $_GET['id'])
        continue;
    // and then rest of your code...
}
Just to save you some time on this matter until a permanent query fix has been made. Btw, this if-check prevents SQL injection because you only compare it with database results instead of including it into the query
you just need to enclose 2nd and 3rd conditions into “()”, like this
select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing them first.
What is the reasoning for this? Is there a rule when you should use it?
Coz you’ll need to consider operator precedence too: AND is evaluated before OR, so even if ID != $id is false, if condition2 is true then the WHERE clause will be true, which is wrong.
Brackets…use them!
SELECT * FROM `table` WHERE ( (`start` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') OR (`end` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') ) AND `id` = '5'
Thanks guys for all these suggestions. I will try them tonight. Regarding sanitizing, I always do except this is an admin panel for one guy so if he wants to SQL inject his own database go for it lol.
I am running mysql_real_escape_string on login and passwords and some other fields where the user will be inputting big blocks of text
Well that did the trick…go parens! Thanks dudes
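
The two points made in this thread, parenthesising the OR conditions and keeping request values out of the SQL text, as an added example that is not part of any post. It uses PDO with an in-memory SQLite database so it runs offline; the bookings table, its rows and overlappingIds() are constructed for illustration. With the constructed rows, the unparenthesised clause still returns row 5 even though it was meant to be excluded.

```php
<?php
// Added example: the bookings table, its rows and overlappingIds() are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, `start` TEXT, `end` TEXT)');
$pdo->exec("INSERT INTO bookings VALUES
    (5, '2010-02-10 00:00:00', '2010-03-15 00:00:00'),
    (6, '2010-01-01 00:00:00', '2010-03-01 00:00:00'),
    (7, '2010-03-20 00:00:00', '2010-06-01 00:00:00'),
    (8, '2011-01-01 00:00:00', '2011-02-01 00:00:00')");

// Fixed WHERE clauses (not user input). AND binds tighter than OR, so the first
// one parses as (id != :id AND start ...) OR (end ...) and the id filter is lost.
const NO_PARENS = '`id` != :id AND `start` BETWEEN :s1 AND :s2 OR `end` BETWEEN :e1 AND :e2';
const PARENS = '`id` != :id AND (`start` BETWEEN :s1 AND :s2 OR `end` BETWEEN :e1 AND :e2)';

function overlappingIds(PDO $pdo, string $where, $rawId, string $from, string $to): array
{
    // Reject anything that is not a plain integer before it reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // User-supplied values travel as bound parameters, never as SQL text.
    $stmt = $pdo->prepare("SELECT id FROM bookings WHERE $where ORDER BY id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    foreach ([':s1' => $from, ':s2' => $to, ':e1' => $from, ':e2' => $to] as $name => $value) {
        $stmt->bindValue($name, $value);
    }
    $stmt->execute();
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

$from = '2010-02-03 00:00:00';
$to = '2010-04-03 00:00:00';
// Same id to skip, same date range, two different WHERE clauses.
echo implode(',', overlappingIds($pdo, NO_PARENS, '5', $from, $to)), "\n";
echo implode(',', overlappingIds($pdo, PARENS, '5', $from, $to)), "\n";
try {
    // A request value that is not an integer never reaches the query.
    overlappingIds($pdo, PARENS, '5 OR 1=1', $from, $to);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```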