1
$send_event = $db->query(sprintf("SELECT `bmembMember` FROM `bmembBusiness` = '%u' WHERE `bmembBusiness` = '%u' ORDER BY `bmembId` DESC", $bs['busId'])) OR die('Cron not run') ;
while($se=$db->fetch_row($send_event))
{
$text = "The {$bs['busName']} business went bankrupt, all members have been made redundant.";

Thanks

    It's worth looking into using prepared statements and bind variables and you should also check for failures ($send_event may be false if the query fails) Commented May 29, 2017 at 10:54
  • Using sprintf does not at all secure your database from SQL injection. Look into what NigelRen has mentioned. Commented May 29, 2017 at 12:10

3 Answers

2

Your sprintf uses 2 values, but you only provide one. One isn't needed anyway and that line should be

$send_event = $db->query(sprintf("SELECT `bmembMember` FROM `bmembBusiness` WHERE `bmembBusiness` = '%u' ORDER BY `bmembId` DESC", $bs['busId'])) OR die('Cron not run') ;

8 Comments

"one isn't needed" is slightly inaccurate - it shouldn't be there at all, as you can't use FROM table = 'something', it's simply FROM table.
'Slightly inaccurate' !!
Thanks for the reply. When I use that I get a 500 server error.
And when I do it like this $send_event = $db->query(sprintf("SELECT bmembMember FROM WHERE bmembBusiness = '%u' ORDER BY bmembId DESC", $bs['busId'])) OR die('Cron not run') ; then I get ........QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE bmembBusiness = '3' ORDER BY bmembId DESC' at line 1 Query was SELECT bmembMember FROM WHERE bmembBusiness = '3' ORDER BY bmembId DESC
You're missing the table name in this SQL - FROM WHERE is missing something in the middle.
1

Fix the FROM Clause which should fix the query.

 ...FROM `bmembBusiness` WHERE...

Comments

-1

Highlighted area of the query is wrong,

"SELECT bmembMember FROM bmembBusiness = '%u' WHERE bmembBusiness = '%u' ORDER BY bmembId DESC", $bs['busId'])

Try this, which should fix the query:

SELECT bmembMember FROM Table_name WHERE bmembBusiness Like '%u' ORDER BY bmembId DESC, abs(busId);

1 Comment

Using Like instead of = changes the logic of the query. The reason the % is there is not for SQL but for sprintf
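The following is an added example, not code from the question or any of the answers. It carries the first answer's corrected FROM clause through to a working cron snippet, but replaces the sprintf-into-SQL pattern with a PDO prepared statement, as the comments under the question recommend, and adds the failure check that the original `OR die` only partly provides. It also shows why the LIKE '%u' variant in the last answer is wrong: `%u` is a sprintf placeholder that is consumed in PHP before MySQL sees the string. `$pdo`, the PLACEHOLDER_* connection values and the `$bs` array are assumptions; the table and column names are the ones from the question.

```php
<?php
// Added example: the query from the accepted answer as a PDO prepared statement.
// Assumptions: a PDO connection to the poster's database (connection values are
// placeholders) and a $bs row with busId/busName, as in the surrounding cron code.

function membersOfBusiness(PDO $pdo, int $busId): array
{
    // FROM takes only the table name: no "FROM `bmembBusiness` = '%u'" before WHERE.
    // The id is bound as a parameter, so it is never interpolated into the SQL text.
    $sql = "SELECT `bmembMember` FROM `bmembBusiness`
            WHERE `bmembBusiness` = :busId
            ORDER BY `bmembId` DESC";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':busId', $busId, PDO::PARAM_INT);
    if (!$stmt->execute()) {
        // Reached only when ATTR_ERRMODE is not ERRMODE_EXCEPTION; $send_event in the
        // question would silently be false here instead.
        throw new RuntimeException('Cron not run: ' . implode(' ', $stmt->errorInfo()));
    }
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
}

// Why "LIKE '%u'" does not mean what the last answer assumes: sprintf consumes %u
// in PHP, so MySQL only ever receives the formatted string below.
$formatted = sprintf("WHERE `bmembBusiness` = '%u'", 3);
// $formatted is now: WHERE `bmembBusiness` = '3'

// Placeholder connection values; exceptions so a failed query cannot be ignored.
$pdo = new PDO(
    'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
    'PLACEHOLDER_USER',
    'PLACEHOLDER_PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// Constructed sample business row standing in for the cron's outer loop variable.
$bs = ['busId' => 3, 'busName' => 'Example Trading'];

foreach (membersOfBusiness($pdo, (int) $bs['busId']) as $member) {
    $text = "The {$bs['busName']} business went bankrupt, all members have been made redundant.";
    // ... deliver $text to $member as the original loop body does
}
```

With `PDO::ERRMODE_EXCEPTION` a syntax error such as the `FROM WHERE` one in the comments above surfaces as a `PDOException` with the MySQL message, so the cron job stops on the real error instead of on a bare 'Cron not run'.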
