broken loop / frozen iterator?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have this code:
$query = $queryString;

    foreach($_POST as $key=>$val)
    if (empty($val))
    if($i !== 1)
        {$query." OR ";
    $query.= $key." LIKE "."'$val'";

    //echo $i."<br>";
    //echo $key."--".$val."<br>";

        $query .= $queryOrder;
        echo $query;
        //return $query;


    As you can see it's supposed to iterate through the _POST array
and construct a query, prepending "OR" to each (_POST key LIKE _POST
value) *except* the first one- hence the if ($i !== 1) part.

    Instead, I get:

(the query is echoed, you can see that the "OR" is omitted)
SELECT fileName, documentSubject FROM `t_LnIdocs` WHERE order by
(error message)
[Microsoft][ODBC Microsoft Access Driver] Syntax error in WHERE
clause. Results:

Fatal error: Call to a member function MoveNext() on a non-object in C:
\xampp\htdocs\ffs\ on line 42

      As you can see, instead of MySQL I'm having to use ADODB to
query an Access database as an ODBC data source.
      As you also can probably see, I am a newcomer to PHP and not
entirely sure what I'm doing. I sure can't tell what I'm doing wrong
here. It seems as though the $i++ at the top of the foreach loop is
only evaluating once, freezing the value of $i at 1, or else the loop
that checks the value of $i is broken.
      Can anyone tell me what I've done wrong here?
      My understanding is that the _POST array is an associative array
so that's why I've plugged in my own iterator. Is there an index I
should be using instead?

Re: broken loop / frozen iterator?

Quoted text here. Click to load it

     Ok, I'm an idiot. After banging my head on the wall for several
hours I finally noticed that I did:
        $query. " OR "
       instead of
        $query.=3D" OR "

     Well, don't be disappointed, I have another, possibly even dumber
question. Two out of the three (at the moment) query values are
supplied by drop-down menus, which are populated by a 'select
distinct' to the fields they are meant to query, so that the values
will match exactly. The third is supplied by a text box into which the
user can type a search term. AFAIK this would work in MySQL because I
could do a 'select these_things from this_table where some_field
CONTAINS "$value" ' or some such. However MS Access SQL doesn't
contain anything like that as far as I can tell. Is there some way to
search for a string inside of a big fat text field in Access SQL?
     Yes, I realize that this isn't technically a PHP question, and
I'm looking elsewhere as well- but I'd hoped someone here might have
an answer or an idea of where to look- MSDN is no help :(

Re: broken loop / frozen iterator?

deliverator wrote:
Quoted text here. Click to load it

First of all, don't just assume the entries in the $_POST array are your
two drop-down menus.  There may be additional information you don't
expect - always use the specific names of the indexes you want.

Second, don't assume the data in these fields is what you expect.
Always validate the data to ensure it is what you expect.

The bottom line is - I can easily create a form on my system which
points at your site - and submits ANYTHING I want it to submit.

Google for SQL Injection and understand why you NEVER trust data being
sent from the user's browser.

As for your other question - try the Microsoft newsgroups.  This isn't
the right place.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline