Re: Select Where using character varying ??
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
> I think you should try: > $Sem_No = pg_Exec($conn,"SELECT seminar_id FROM seminar WHERE name > =\"$Sem\""); Double quotes are for quoting column names, not string constants. > $Sem_No = pg_Exec($conn,"SELECT seminar_id FROM seminar WHERE name > ='$Sem'"); Better, but all strings, especially provided by some user, should be treated by the function pg_escape_string. Consider that some user types in a form field a text like this: '; delete from seminar where ''=' When you add single quotes you get two valid queries. One of them is what you would never want to be executed ;-) And, by the way - pg_exec is a deprecated name AFAIK. The new one is pg_query. -- Ceterum censeo Internet Explorer esse delendam.
Description: PGP signature