look!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

radium35
Forum Commoner
Posts: 50
Joined: Mon Nov 10, 2008 5:05 pm
Location: USA

look!

Post by radium35 »

***** Please use a descriptive title for your posts *****

How do I add a variable to a MySQL query? Tried many times and nothing! There is a value in the var but it does not work?

***** Please use the code tag when posting PHP *****

Code: Select all

$userid = $_GET[id];
 
 
 
if (!$link = mysql_connect('localhost', 'u', 'p')) {
    echo 'Could not connect to mysql';
    exit;
}
 
if (!mysql_select_db('modelsite', $link)) {
    echo 'Could not select database';
    exit;
}
 
 
 
$sql    = 'SELECT username FROM members WHERE id = $userid';
$result = mysql_query($sql, $link);
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: look!

Post by Christopher »

(#10850)
Sephern
Forum Commoner
Posts: 73
Joined: Sun Jan 04, 2009 4:44 pm

Re: look!

Post by Sephern »

Code: Select all

 
$sql = "SELECT username FROM members WHERE id = '$userid'";
 
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: look!

Post by requinix »

Sephern wrote:

Code: Select all

$sql = "SELECT username FROM members WHERE id = '$userid'";
Actually, if $userid is a number then you shouldn't be using quotes.

Code: Select all

$userid = (int)$_GET["id"]; // quotes! and type casting!
$sql = "SELECT username FROM members WHERE id = $userid";
radium35
Forum Commoner
Posts: 50
Joined: Mon Nov 10, 2008 5:05 pm
Location: USA

Re: look!

Post by radium35 »

what if the variable is a $_POST or $_GET etc
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: look!

Post by requinix »

radium35 wrote:what if the variable is a $_POST or $_GET etc
What do you think? Think that maybe you should use whatever array is appropriate for your situation? Sounds like a good idea to me.

If you're responding to my "if $userid is a number" with "what if $userid is a $_POST or $_GET" then your question doesn't make sense.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: look!

Post by superdezign »

radium35 wrote:what if the variable is a $_POST or $_GET etc
Then it counts as user input and must be validated prior to use (like ~tasairis' typecasting suggestion).
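
An added example, not code from any poster in this thread: the typecast and validation suggestions above, placed next to a parameterized query so the difference between casting and validating is visible. PDO with an in-memory SQLite database stands in for the thread's MySQL connection so it runs offline; `parse_id`, `find_username` and the table rows are constructed for illustration.

```php
<?php
// Added example; table contents and helper names are constructed for illustration.
// SQLite in memory stands in for the thread's MySQL database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO members (id, username) VALUES (1, 'alice'), (2, 'bob')");

/**
 * Validate a raw request value as a positive integer id.
 * Returns the int, or null when the value is missing or not purely numeric.
 */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a username with the id bound as a parameter, never interpolated. */
function find_username(PDO $pdo, $raw): ?string
{
    $id = parse_id($raw);
    if ($id === null) {
        return null; // reject instead of querying with a guessed value
    }
    $stmt = $pdo->prepare('SELECT username FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed sample values, as they might arrive in $_GET['id'] or $_POST['id'].
foreach (['2', '2 OR 1=1', 'abc', null] as $raw) {
    printf(
        "%-12s cast=%d validated=%s username=%s\n",
        var_export($raw, true),
        (int) $raw,                       // the cast silently turns '2 OR 1=1' into 2
        var_export(parse_id($raw), true), // validation rejects it outright
        var_export(find_username($pdo, $raw), true)
    );
}
```

The cast keeps the query safe but accepts malformed input as if it were a valid id; validation lets the application reject that request instead of answering it.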