Problem with SQL query

I can’t understand what the problem is. There is an SQL query that should only return articles of the category that is passed in the GET request:

$cat = "SELECT d.id,d.cat,d.text,d.title,d.description,d.date,c.text,c.cat,c.titlecat FROM data d LEFT JOIN categories c ON d.cat = c.id WHERE d.cat = '$one'";

Here’s the validation of the incoming request:

if(isset($_GET['cat'])) {
    $_GET['cat'] = $cats[$_GET['cat']];
    $one = $_GET['cat'];
}

If instead of the variable $one in the query you write a number that corresponds to the category of news, then everything works fine; if you leave $one, then nothing is displayed on the page. I checked what is contained in $one through echo: it displayed a number, that is, what is needed. But why is only a number and not a variable accepted in the query, when the values are the same?


Answer 1

Print out your SQL and ONE. Either way, in your SQL there is an empty space in place of ONE, i.e. if you put '', then it searches for d.cat = ''; if you remove the quotes, then SQL considers that the string is not completed, i.e. d.cat = (equal to what?). The problem is most likely in the check. Besides, if your cat is not transmitted via GET, then what will it be equal to? Add something like: if … else $one = 1;
And in SQL it doesn’t matter how many spaces there are. trim and other nonsense is for normal addition, so that later you don’t have to worry about searching, but for WHERE, put as many as you want. The main thing is that the spaces are not in the string itself, i.e. you can write WHERE id = 'many-spaces 1 again-many-spaces' if id is a number, but you can’t write WHERE name = 'many-spaces Ivan Ivanovich again-many-spaces' if name is a string.


Answer 2

Remove the single quotes around $one if it’s a number, and better yet:

$one = intval($_GET['cat']);

UPD:

Why such rubbish:

$_GET['cat'] = $cats[$_GET['cat']];
$one = $_GET['cat'];

Isn’t it easier right away:

$one = intval($cats[$_GET['cat']]);
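
The lookup-then-query flow discussed in the question and the answers above, as an added example that is not part of the original thread: the category is resolved before the query runs, an unknown key is reported instead of silently producing an empty `$one`, and the value is bound as an integer parameter rather than placed inside the SQL string. The in-memory SQLite database via PDO, the shortened column list, the contents of `$cats` and the function names `resolveCategory` and `articlesInCategory` are assumptions made for the example.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, titlecat TEXT)');
$pdo->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)');
$pdo->exec("INSERT INTO categories (id, titlecat) VALUES (1, 'News'), (2, 'Sport')");
$pdo->exec("INSERT INTO data (id, cat, title) VALUES (1, 1, 'First'), (2, 2, 'Second'), (3, 1, 'Third')");

// Assumed shape of the question's $cats array: request key => category id.
$cats = ['news' => 1, 'sport' => 2];

// Hypothetical helper: map the request value to a category id, or null if the key is unknown.
function resolveCategory(array $cats, $raw): ?int
{
    if (!is_string($raw) || !array_key_exists($raw, $cats)) {
        return null; // $cats[$raw] would be null here, which is how $one ends up empty
    }
    return (int) $cats[$raw];
}

function articlesInCategory(PDO $pdo, int $catId): array
{
    // The value is bound, not concatenated, so the quoting question
    // ('$one' versus $one) disappears and the request cannot alter the SQL text.
    $stmt = $pdo->prepare(
        'SELECT d.id, d.title, c.titlecat
           FROM data d
           LEFT JOIN categories c ON d.cat = c.id
          WHERE d.cat = :cat
          ORDER BY d.id'
    );
    $stmt->bindValue(':cat', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values standing in for $_GET['cat'].
foreach (['news', 'missing', ' news'] as $raw) {
    $catId = resolveCategory($cats, $raw);
    if ($catId === null) {
        echo 'unknown category: ', var_export($raw, true), "\n";
        continue;
    }
    echo $raw, ' => ', json_encode(articlesInCategory($pdo, $catId)), "\n";
}
```

The third sample value shows the stray-space case raised in Answer 4: it does not match a key in `$cats`, so it is reported rather than turned into a query that matches nothing.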

Answer 3

Of course, I have nothing against it, but you should read exactly what errors it displays, and if the query is no longer running, print what it will look like after the injection of variables, and not the variables themselves, then test it manually.


Answer 4

and if trim(), suddenly spaces crept in


Answer 5

The join is not correct…

LEFT JOIN categories c ON c.id=d.cat

Answer 6

I think I should remove the spaces between key=value.

$cat = "SELECT d.id,d.cat,d.text,d.title,d.description,d.date,c.text,c.cat,c.titlecat FROM `data` d LEFT JOIN categories c ON d.cat=c.id WHERE d.cat=".$one;

Try this query :))


Answer 7

If you try to do the following: echo '$one' then the interpreter will treat '$one' as a string and output the contents of the quotes, and without them it is a variable that contains the value you need. In order to avoid similar errors, learn more about variables and data types in PHP.