If mysql_query() is returning a result resource, the query executed correctly. Check mysql_num_rows() to see if it found any records. If it says zero, and you are expecting more than that, then you have a logical error in your query, not a syntactical one.
and then used directly in query without being backticked or escaped. This is an SQL injection vulnerability.
Between these two lines escape $table with mysql_real_escape_string() to avert this vulnerability. That goes for any other variables appearing in queries.
You're going to need to run a query that returns whether the table exists or not. Otherwise, even with escaping, someone could wonk your script by throwing a table into it that does not exist. Then your queries won't run. Are you sure you want the user telling your script which tables to use? Can your script decide programmatically?
The request gets it from the URL, which is sent by the script before, so it's like
phpfile.php?table=anytable
Yes, they chose the table, but the script adds it to the URL. I need the user to choose which table, but it will show their fields and they type their search term in the text boxes that relate to the table.
Would it not be a better idea to send that as a POST request? That URL could be modified by the user, and whatever is input will be put into your SQL query.
Yes, it could, but it will always do the same thing. I will do that when the script is created for use, but for development I have made it like this so I can change the table.
mysql_query(); // is a function
$variable // is a variable
= // means we are assigning something to the variable
'mysql_query("SELECT `field` FROM `table`")'; // this is not a function call, it is the name of a function with parameter stored as a string
// as a result:
echo $variable; // will echo 'mysql_query("SELECT `field` FROM `table`")'
echo mysql_query("SELECT `field` FROM `table`"); // will call the function and output the return value from the function.
// A good way to do it
$q = 'SELECT `field` FROM `table`';
echo mysql_query($q); // will use 'SELECT `field` FROM `table`' as a database query
// this will probably output nothing of use because mysql_query only returns a result resource. See the manual http://www.php.net/mysql_query/
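The table-name concerns raised earlier in the thread (a user-chosen table placed in the query, and a table that may not exist) can both be handled by resolving the requested name against a fixed allow-list and binding only the search term. This is an added example, not code from any poster in the thread. It assumes PDO with an in-memory SQLite database so it runs offline (the thread's mysql_* functions were removed in PHP 7), and the table names, column names and the SEARCHABLE, resolveTable and search identifiers are constructed for illustration.

```php
<?php
// Added example: constructed tables/columns, not taken from the thread.
// Tables the user may pick, mapped to the columns that may be searched.
const SEARCHABLE = [
    'books'   => ['title', 'author'],
    'members' => ['name'],
];

// Return the table name only if it is an exact key of the allow-list.
function resolveTable(mixed $requested): ?string
{
    return is_string($requested) && array_key_exists($requested, SEARCHABLE)
        ? $requested
        : null;
}

function search(PDO $db, mixed $table, mixed $column, string $term): array
{
    $table = resolveTable($table);
    if ($table === null || !in_array($column, SEARCHABLE[$table], true)) {
        throw new InvalidArgumentException('Unknown table or column');
    }
    // Identifiers now come from the allow-list, never from the request.
    // The search term is the only user data, and it is a bound parameter.
    $stmt = $db->prepare("SELECT * FROM `$table` WHERE `$column` LIKE ?");
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (title TEXT, author TEXT)");
$db->exec("INSERT INTO books VALUES ('Dune', 'Herbert'), ('Emma', 'Austen')");

// Constructed stand-ins for $_GET['table'], $_GET['column'] and the search box.
$requests = [
    ['books', 'title', 'Dun'],            // listed table and column
    ['books WHERE 1=1', 'title', 'x'],    // not an exact allow-list key
    ['nosuchtable', 'title', 'x'],        // table the script does not know
];
foreach ($requests as [$t, $c, $term]) {
    try {
        printf("%s -> %d row(s)\n", $t, count(search($db, $t, $c, $term)));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected\n", $t);
    }
}
```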