Error in SQL syntax

[colonelu81]

The code is :

<?
session_start();
include ("lib/dbconnect.php");
$autorID=intval($_GET["autorid"]);
$autoriDS=safe_query("SELECT autori.* FROM autori WHERE autori.id=".$autorID);
$autorRow=mysql_fetch_object($autoriDS);
$detalii=$autorRow->cv;
$autor=$autorRow->autor;
include ("header.php");
?>

when running /autor.php?autorid=44988 it's OK ( where XXXXX is a number)

But when i run /autor.php?autorid=44988blblb i need the page to show
/autor.php?autorid=44988 . Instead i get

error nr: 1054
Unknown column '44988blblb' in 'where clause'
Interogarea: SELECT autori.* FROM autori WHERE autori.id=44988blblb

What should i change in the code ?
Thanks !

[asmith20002]

I don't know why your intval() function is failing there. Try changing
$autorID=intval($_GET["autorid"]);
to
$autorID= (int) $_GET["autorid"];

[aj_nsc]

You've got two problems, your SQL syntax and the value you are trying to parse from the query string.

The code should look like this:

PHP Code:

session_start();
include ("lib/dbconnect.php");
$autorID=preg_replace('/[^\d]/g','',($_GET["autorid"])); //replace and single character that's not a digit 
//OR
preg_match('/^(\d+)/',$_GET["autorid"],$matches);
$autorID = $matches[1]; //grab all the digits from the start of a string to the point where there are no more digits
$autoriDS=safe_query("SELECT autori.* FROM autori WHERE autori.id='".$autorID."'"); //encapsulate $autorID in single quotes!!! (your first problem)
$autorRow=mysql_fetch_object($autoriDS); 
$detalii=$autorRow->cv;
$autor=$autorRow->autor;
include ("header.php");