by radium35 » Sat Jul 04, 2009 4:05 pm
***** Please use a descriptive title for your posts *****
How do I add a variable to a MySQL query? Tried many times and nothing! There is a value in the var but it does not work?
***** Please use the [code] tag when posting PHP *****
Code: Select all
$userid = $_GET[id];
if (!$link = mysql_connect('localhost', 'u', 'p')) {
    echo 'Could not connect to mysql';
    exit;
}
if (!mysql_select_db('modelsite', $link)) {
    echo 'Could not select database';
    exit;
}
$sql = 'SELECT username FROM members WHERE id = $userid';
$result = mysql_query($sql, $link);
by Christopher » Sat Jul 04, 2009 4:56 pm
(#10850)
by Sephern » Sat Jul 04, 2009 7:35 pm
Code: Select all
$sql = "SELECT username FROM members WHERE id = '$userid'";
by requinix » Sat Jul 04, 2009 8:00 pm
Sephern wrote: Code: Select all
$sql = "SELECT username FROM members WHERE id = '$userid'";
Actually, if $userid is a number then you shouldn't be using quotes.
Code: Select all
$userid = (int)$_GET["id"]; // quotes! and type casting!
$sql = "SELECT username FROM members WHERE id = $userid";
by radium35 » Wed Jul 08, 2009 11:28 am
what if the variable is a $_POST or $_GET etc
by requinix » Wed Jul 08, 2009 12:32 pm
radium35 wrote: what if the variable is a $_POST or $_GET etc
What do you think? Think that maybe you should use whatever array is appropriate for your situation? Sounds like a good idea to me.
If you're responding to my "if $userid is a number" with "what if $userid is a $_POST or $_GET" then your question doesn't make sense.
by superdezign » Wed Jul 08, 2009 12:34 pm
radium35 wrote: what if the variable is a $_POST or $_GET etc
Then it counts as user input and must be validated prior to use (like ~tasairis' typecasting suggestion).
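Added example, not code from any poster in this thread: one way to treat a request-supplied id as user input, by validating it and then binding it as a query parameter. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server; the table contents, the sample inputs and the helper name `find_username` are constructed for illustration.

```php
<?php
// Constructed data in an in-memory SQLite database, so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO members (id, username) VALUES (1, 'alice'), (2, 'bob')");

/**
 * Hypothetical helper: look up a username by a request-supplied id.
 * Returns null when the id is not a positive integer or no row matches.
 */
function find_username(PDO $pdo, $rawId): ?string
{
    // Validate first: anything that is not a whole positive integer is rejected,
    // instead of being silently coerced the way a bare (int) cast would.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Then bind: the value is sent as a parameter, never pasted into the SQL text.
    $stmt = $pdo->prepare('SELECT username FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed stand-ins for what $_GET['id'] or $_POST['id'] might contain.
$samples = ['2', '2abc', '', '-1', '999', ['2']];

foreach ($samples as $raw) {
    $cast = (int)$raw;   // what a cast alone would put in the query
    printf(
        "input=%s cast=%d lookup=%s\n",
        json_encode($raw),
        $cast,
        var_export(find_username($pdo, $raw), true)
    );
}
```

The `cast` column shows the integer a bare `(int)` would have queried with for each input, next to the helper's result, which is null for every input that was not a valid id to begin with.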