Page 1 of 1

look!

Posted: Sat Jul 04, 2009 4:05 pm
by radium35
***** Please use a descriptive title for your posts *****

how do i had a variable to a mysql query? tried many times and nothing! there is a value in the var but it does not work?

***** Please use the

Code: Select all

tag when posting PHP *****[/color]

Code: Select all

$userid = $_GET[id];
 
 
 
if (!$link = mysql_connect('localhost', 'u', 'p')) {
    echo 'Could not connect to mysql';
    exit;
}
 
if (!mysql_select_db('modelsite', $link)) {
    echo 'Could not select database';
    exit;
}
 
 
 
$sql    = 'SELECT username FROM members WHERE id = [b]$userid'[/b];
$result = mysql_query($sql, $link);

Re: look!

Posted: Sat Jul 04, 2009 4:56 pm
by Christopher

Re: look!

Posted: Sat Jul 04, 2009 7:35 pm
by Sephern

Code: Select all

 
$sql = "SELECT username FROM members WHERE id = '$userid'";
 

Re: look!

Posted: Sat Jul 04, 2009 8:00 pm
by requinix
Sephern wrote:

Code: Select all

$sql = "SELECT username FROM members WHERE id = '$userid'";
Actually, if $userid is a number then you shouldn't be using quotes.

Code: Select all

$userid = (int)$_GET["id"]; // quotes! and type casting!
$sql = "SELECT username FROM members WHERE id = $userid";

Re: look!

Posted: Wed Jul 08, 2009 11:28 am
by radium35
what if the variable is a $_POST or $_GET etc

Re: look!

Posted: Wed Jul 08, 2009 12:32 pm
by requinix
radium35 wrote:what if the variable is a $_POST or $_GET etc
What do you think? Think that maybe you should use whatever array is appropriate for your situation? Sounds like a good idea to me.

If you're responding to my "if $userid is a number" with "what if $userid is a $_POST or $_GET" then your question doesn't make sense.

Re: look!

Posted: Wed Jul 08, 2009 12:34 pm
by superdezign
radium35 wrote:what if the variable is a $_POST or $_GET etc
Then it counts as user input and must be validated prior to use (like ~tasairis' typecasting suggestion).