Unknown column in where clause error

I receive this message ONLY when my prodid is alphanumeric. If my prodid is
1234 or 1234-100 I get no errors but when it has an alpha character it
errors out (ex. 0850V, P1-100).

This is the code in question.
$colors = mysql_query("SELECT COLOR FROM colors WHERE PRODID =
".$row_products['PRODID'], $connection) or die (mysql_error());

And the error is: Unknown column '0850V' in 'where clause'

I have the datatype set to varchar(255). I can avoid the error by adding
double quotes around the prodid's, however then it displays this information
with the quotes. Any suggestions? Thanks in advance.

On Sat, 16 Aug 2003 09:23:40 -0400, "Rocket Rob" <rob_robster-AT-hotmail.com>
wrote:

>I receive this message ONLY when my prodid is alphanumeric. If my prodid is
>1234 or 1234-100 I get no errors

But you'll get the wrong result; 1234-100 is 1224.

>but when it has an alpha character it errors out (ex. 0850V, P1-100).
>
>This is the code in question.
>$colors = mysql_query("SELECT COLOR FROM colors WHERE PRODID =
>".$row_products['PRODID'], $connection) or die (mysql_error());
>
>And the error is: Unknown column '0850V' in 'where clause'
>
>I have the datatype set to varchar(255). I can avoid the error by adding
>double quotes around the prodid's, however then it displays this information
>with the quotes. Any suggestions? Thanks in advance.

Use single quotes for quoting strings, and if it's MySQL where you are forced
to stuff values into literal SQL strings, ensure any single quotes in the value
are escaped.

(Your code as it stands is a security nightmare)

--
Andy Hassall (andy@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

"Andy Hassall" <andy@andyh.co.uk> wrote in message
news:niesjv8pf33indeganqaql69u9d43t8mmc@4ax.com...
> On Sat, 16 Aug 2003 09:23:40 -0400, "Rocket Rob"
<rob_robster-AT-hotmail.com>
> wrote:
>
> >I receive this message ONLY when my prodid is alphanumeric. If my prodid
is
> >1234 or 1234-100 I get no errors
>
> But you'll get the wrong result; 1234-100 is 1224.
>
> >but when it has an alpha character it errors out (ex. 0850V, P1-100).
> >
> >This is the code in question.
> >$colors = mysql_query("SELECT COLOR FROM colors WHERE PRODID =
> >".$row_products['PRODID'], $connection) or die (mysql_error());
> >
> >And the error is: Unknown column '0850V' in 'where clause'
> >
> >I have the datatype set to varchar(255). I can avoid the error by adding
> >double quotes around the prodid's, however then it displays this
information
> >with the quotes. Any suggestions? Thanks in advance.
>
> Use single quotes for quoting strings, and if it's MySQL where you are
forced
> to stuff values into literal SQL strings, ensure any single quotes in the
value
> are escaped.
>
> (Your code as it stands is a security nightmare)
>
> --
> Andy Hassall (andy@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
> Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)


Thank you for the response.

> But you'll get the wrong result; 1234-100 is 1224.

Actually, this is incorrect. I have several products displaying properly.
13-400 displays properly, not as -387. All my items which have a hyphen are
displaying how I want, not as a subtraction.

> (Your code as it stands is a security nightmare)

What about this piece of code concerns you? I am very new to php.

Thanks.