On Mon, 2005-03-21 at 20:41 -0700, Patrick Fleming, EA wrote: > > Craig White wrote: > > I have a problem with quoting strings > > > > My problem is with php/mysql but I would venture to guess that this > > issue is almost across the board problem and not specific to this pair. > > > > My string... > > (php) > > $my_search = "SELECT * from horde_datatree WHERE user_uid = \"$user\" \ > > AND (group_uid = 'horde.shares.kronolith' OR group_uid = \ > > 'horde.shares.nag' OR gr\oup_uid = 'horde.shares.imp' OR group_uid = \ > > 'horde.shares.turba' OR group_uid = 'horde.shares.mnemo')"; > > > > > $my_search ="SELECT * from horde_datatree where user_uid = '$user' AND > ---- of course putting single quotes around $user means that the variable won't expand - but the option here is to pass the $user variable through the post and expand it there I guess. ---- > > > which results in (an example - variable expanded) > > > > SELECT * from horde_datatree WHERE user_uid = "jennifer" AND (group_uid > > = 'horde.shares.kronolith' OR group_uid = 'horde.shares.nag' OR > > group_uid = 'horde.shares.imp' OR group_uid = 'horde.shares.turba' OR > > group_uid = 'horde.shares.mnemo') > > > > now I need to pass this string (along with other things) in an html POST > > operation... > > > > echo " > value=\"$search_string\">"; > > echo " value=\"$search_string\">"; > > Not sure if it matters but I see that you are mixing quotation marks. > I did notice that you are using $my_search above and $search_string here. ---- yeah sorry - I clipped it from the last revision where I changed it and the next line - which I didn't include, set the value of $search_string to equal $my_search As for mixing quotes...my preference is to generally use the single quote to quote a long string and double quotes for inside strings. Of course any variables inside of a single quote string won't expand and that isn't always possible - which is why they are done the opposite way as you've noted in the above. I am gonna try out escaping all double quotes as you have done though - it would be better if I could escape single quotes (it would probably solve my problem) - but that doesn't work (perhaps it is a php problem). ---- > > I guess one other question that I might have is why are you passing the > whole query instead of just the user_uid string? > That way you check to see if user_uid is set, and if so load it into the > query. ---- OK - well - I think that is a corollary to the issue that Ted raised but I can tell you my answer - I'm looking for simplicity... I have a number of different choices on this page which is going to post to another php file. This page lists all of the found attributes (from a mysql db) and displays a checkbox on each row. There is a pop-up list (Select in html form) and several buttons to give an action. If I can pass the search string (which will be different each time), the value of the check boxes, the value of the pop-up list and the value of the action button, this will post to a php file/program which will re- run the search, populate arrays row by row but only where the value matches the array of numbers from the checkbox, and either (update/select into the table the value passed from the select box) or (delete the records from the table). Thus if I could pass the entire search string, I don't have to redo all of the same code in the target file that builds the search string that I have in the source file. I know it's convoluted and I thought that I wouldn't bother everyone with all of these details. Craig --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss