I'm having a bit of a problem with a MySQL query. Basically in my table I've got a field called name which contains a very short set of words seperated by underscores with a last underscore and timestamp on the end of it. I'm trying to use a select query with it like this one

$name = "hello_there_301220041256";
mysql_query(SELECT FROM table WHERE name = $name);

Thats just paraphrased, I'm sure the PHP is correct because it works fine if I use the id field instead so I'm guessing its the query thats causing problems. Can you use a SELECT WHERE on a field like the one I have, its in the DB defined as a CHAR. I've tried encapsulating it in quotes as well as using a % as a wildacard but I'm not getting anywhere!

I'm sure I'm missing something stupid but this is the first large MySQL backend I've really worked on so I probably missed something simple. Can anyone poin tme in the right direction.

Cheers.

I really don't think I should be allowed to post here anymore. I was still validating the variable as a number (cause it used to be a number) and it was printing out an error in black on a black background! Do you ever just look at yourself and think, god what a prat!

Actually, I've got a question (see, not a wasted thread *cough* )! I've written a few validation classes to validate simple stuff like email addresses, text only, numbers only etc to make sure theeres the right info and no sql injection but how the hell am I supposed to do that with a variable like the one I've got being passed back and forth? Just as a reminder it looks like this:
hello_everyone_131220041354

There could be any number of words in it (obviously to a limit) and therefore any number of underscores. At the moment I'm using addslashes before executing the query. Is this a good idea?

I always use it, are you using a code like this;



? Because it's always worked for me

Its along those lines. I've got a few different functions to check for different things. So I got one function for emails, one for numbers and one for text strings. I was using th enumber only validation to check the url when I was using an ID number to call the correct page. I can't really do that now. I've go tsomething similar to what you've got above in a converter class which I use before commiting things to the DB cause I'm using special codes and then converting them to html tags (as well as quotes and tags in case some tries to put just a tag in).

The thing with the new url I'm usin gis that the variable isn't numbers only, its not text only and it has a punctuation mark in it. I'm fairly sure its safe with using addslashes to prevent sql injection but I'm not 100% sure and it seems less secure than other aspects of my site yet probably the most likely to get targeted in an attack.

You can have a look at the url site using the weird url (I should copyright that! ) at www.tazr.com. See if you can break it, I've got a copy of the DB so its OK.