CODEWITHSUNDEEP
phppostgresql
satish kilari
satish kilari

Reputation: 728

What is going wrong with this query?

public function get_modno_sno($id) 
{   
    $query = 'select  a.model_no,a.serial_no,a.stock_id from tra_item_stock a where a.trans_id is  NULL and a.model_no = '.$id.'
    union
    select  a.model_no,a.serial_no,a.stock_id from tra_indent_issue_details_2 a where a.flag = 3 and a.model_no ='.$id;
    $result = $this->db->query($query);
    return $result->result();
}

When I run this query error displayed as:

column "kb234" does not exist

kb234 is character varying value passed to $id

Upvotes: 2

Views: 62

Answers (2)

Mureinik
Mureinik

Reputation: 311073

You do not surround kb234 with quotes, so the database identifies it as a column name.

You could modify you code to include the quotes:

public function get_modno_sno($id) 
    {   
        $query = "select  a.model_no,a.serial_no,a.stock_id from tra_item_stock a where a.trans_id is  NULL and a.model_no = '$id'
        union
        select  a.model_no,a.serial_no,a.stock_id from tra_indent_issue_details_2 a where a.flag = 3 and a.model_no = '$id'";
        $result = $this->db->query($query);
        return $result->result();
    }

Note, however, that creating SQL queries by using string manipulation is a dodgy practice, that leaves your code vulnerable to SQL injection attacks. You should consider using a prepared statement.

Upvotes: 3

Kyhle Ohlinger
Kyhle Ohlinger

Reputation: 172

.model_no ='.$id;

is missing an ' at the end for the union query

Upvotes: 2

Related Questions