Click here to Skip to main content
15,850,685 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
function car_in_period () {
    $car_id = $_GET['car_id'];
    $date1 = $_GET['date1'];
    $date2 = $_GET['date2'];
    $queryy = "SELECT car_id FROM `form1_weight` WHERE 'car_id' = ".$car_id." AND 'reg_date' BETWEEN '".$date1."' AND '".$date2."'";
    $result4 = select_data ($queryy);
    $num_rows = mysqli_num_rows($result4);


What I have tried:

please help me fix this error i checked my sql table and everything is fine 
Posted
Updated 5-Jun-21 1:55am
Comments
Richard Deeming 7-Jun-21 12:36pm    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]

Pretty ironic for an account with "security" in the name. 🤣

1 solution

Please read the documentation: PHP: mysql_query - Manual[^], and you will clearly see that when the query statement fails the call returns the boolean value FALSE. Do not assume that your API calls always do what you think; check the return values first.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900