Motionreactor says
I may be confused, but could you just use NOT BETWEEN '$start_date' AND '$end_date' to exclude rows with dates from a certain range? Then you wouldn’t need an ‘id’ specifier.

+1,

[edit]

OR maybe use $_REQUEST['id'] :p, Good Luck

I hope he is actually doing some input cleaning? Not just grabbing the GET or POST directly? Otherwise you’re open to SQL injection attacks.

steinikallinn says
Any ideas?

Well, you could solve this on a code level instead. You could check if an ‘id’ has been set, and that set id matches something the query returned, then skip that id and continue with the next.

Example:
$sql = mysql_query("... the first query you presented ...");
while($data = mysql_fetch_array($sql))
{
    if(isset($_GET['id']) && $data['id'] == $_GET['id'])
      continue;

    // and then rest of your code...
}

Just to save you some time on this matter until a permanent query fix has been made. Btw, this if-check prevents SQL injection because you only compare it with database results instead of including it in the query.

bitfade says
you just need to enclose 2nd and 3rd conditions into “()”, like this

select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing them first.
Motionreactor says
you just need to enclose 2nd and 3rd conditions into “()”, like this

select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing them first.

What is the reasoning for this? is there a rule when you should use it?

bitfade says
What is the reasoning for this? is there a rule when you should use it?
coz you’ll need to consider operator precedence too: AND is evaluated before OR, so even if ID != $id is false, if condition2 is true then the where clause will be true, which is wrong.
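
The precedence rule described above, together with the thread's point about not putting request values straight into the query, as an added example that is not part of any poster's code. It uses PDO with an in-memory SQLite database; the `bookings` table, its columns and rows, and the `idsInRange` helper are constructed for illustration.

```php
<?php
// Added example. Table name, columns and rows are constructed; SQLite in memory
// stands in for MySQL so the script runs offline (AND binds tighter than OR in both).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, start_at TEXT, end_at TEXT)');
$pdo->exec("INSERT INTO bookings VALUES
    (1, '2010-02-10 00:00:00', '2010-02-12 00:00:00'),
    (5, '2010-03-01 00:00:00', '2010-03-05 00:00:00'),
    (9, '2010-06-01 00:00:00', '2010-06-03 00:00:00')");

// Returns ids whose start or end falls in [$from, $to], excluding $excludeId.
// $grouped toggles the parentheses around the OR pair.
function idsInRange(PDO $pdo, int $excludeId, string $from, string $to, bool $grouped): array
{
    $range = 'start_at BETWEEN ? AND ? OR end_at BETWEEN ? AND ?';
    $where = $grouped ? "id != ? AND ($range)" : "id != ? AND $range";
    // Only fixed SQL text is concatenated; every value travels as a bound parameter.
    $stmt = $pdo->prepare("SELECT id FROM bookings WHERE $where ORDER BY id");
    $stmt->execute([$excludeId, $from, $to, $from, $to]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-in for $_GET['id']; accept it only if it is an integer.
$rawId = '5';
$id = filter_var($rawId, FILTER_VALIDATE_INT);
if ($id === false) {
    exit("id must be an integer\n");
}

$from = '2010-02-03 00:00:00';
$to   = '2010-04-03 00:00:00';

// Without parentheses the clause reads (id != ? AND start...) OR (end...),
// so row 5 comes back through its end date.
echo 'ungrouped: ', implode(',', idsInRange($pdo, $id, $from, $to, false)), "\n";
// With parentheses the id exclusion applies to both date checks.
echo 'grouped:   ', implode(',', idsInRange($pdo, $id, $from, $to, true)), "\n";
```
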
phpdude says

Brackets…use them!

SELECT * FROM `table` WHERE ( (`start` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') OR (`end` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') ) AND `id` = '5'

rondog says
you just need to enclose 2nd and 3rd conditions into “()”, like this

select * from table where id != 32 and ( condition1 or condition2);
btw, as already told, do not ever use user-provided values in a query without sanitizing them first.

Thanks guys for all these suggestions. I will try them tonight. Regarding sanitizing, I always do except this is an admin panel for one guy so if he wants to SQL inject his own database go for it lol.

I am running mysql_real_escape_string on login and passwords and some other fields where the user will be inputting big blocks of text

rondog says
Brackets…use them! SELECT * FROM `table` WHERE ( (`start` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') OR (`end` BETWEEN '2010-02-03 00:00:00' AND '2010-04-03 00:00:00') ) AND `id` = '5'

Well that did the trick…go parens! Thanks dudes
