[SOLVED] Problem listing items

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Noobie
Forum Commoner
Posts: 85
Joined: Sun May 15, 2005 11:38 am

[SOLVED] Problem listing items

Post by Noobie »

Hi

I'm having a few problems and can't quite see what I'm doing wrong.

This is the query bit:

Code: Select all

// get the id from the URL request
 $feature_section = $_REQUEST['feature_section_name'];

// retrieve the row from the database
$query = "SELECT  feature_id, feature_title, feature_date, feature_section FROM featurearticles WHERE feature_section='$feature_section' ORDER by feature_id DESC ";
The issue is that this query seems to only return one item with the correct feature section name when I want it to return all the items with the same feature section name.

The "feature_section_name" item comes from a different table to the other information but it's appending the correct info onto the end of the URL eg: http://www.whatever.co.uk/featurearticl ... _name=News
Last edited by Noobie on Wed Apr 04, 2007 3:07 am, edited 2 times in total.
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

I have few things to tell you which are much more important...

1. Use $_GET instead of $_REQUEST. It is a better approach if you care about security.
2. mysql_real_escape_string()
3. Google for "sql injection".
4. In your query, why do you select "feature_section" if you know that all the results will have the same feature_section anyway?
Noobie
Forum Commoner
Posts: 85
Joined: Sun May 15, 2005 11:38 am

Post by Noobie »

Thanks for that information Oren. I've changed it to this:

Code: Select all

// get the id from the URL request
$feature_section = $_GET['feature_section_name'];

// retrieve the row from the database

$result=mysql_query('SELECT feature_id, feature_date, feature_section, feature_title FROM featurearticles WHERE feature_section="'.mysql_real_escape_string($_GET['feature_section_name']).'" ORDER by feature_id DESC');

But I still get the same result - one item listed rather than several

I'm not sure I understand your question about why I select by feature_section. I thought that I had to include all the table items that I wanted to use at any stage of the query in that initial query (like the id, date, title, section etc). As my name would suggest - I'm fairly new at this.

Any tips about how to get it to list all the items with that particular feature_section_name?
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

First, are you sure that you have in your table more than 1 record with this specific feature_section that you supply in the URL?

You don't understand my question? I'll clarify this... you do:

Code: Select all

WHERE feature_section = $feature_section
(You do it a bit different but there is no point in posting the whole code - you understand what I mean here - I hope :P)

Therefore, all the results (if any) will have the same feature_section, and this feature_section is the value of $feature_section.

P.S The code is just a little bit better now but you still need to google and read (in depth if possible) about "sql injections" :wink:
Noobie
Forum Commoner
Posts: 85
Joined: Sun May 15, 2005 11:38 am

Post by Noobie »

Hi again Oren

Thank you for your patience with me. I checked and there's definitely more than one item with the same feature_section in the table.

I'll try to explain what I was attempting to do - just don't laugh ok?

So the URL has a feature section name appended to it which comes from another separate table (the item name is feature_section_name).

So in my probably muddled thinking I was trying to associate this item (feature_section_name) from the URL to something on the current page so that I could then compare it to an item (feature_name) in the other table within the query. Sort of like this in plain speech:

thing1 = thingappendedtourl

select * from table where thethingIwanttolist = thing1

:oops:
User avatar
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

Noobie wrote:So the URL has a feature section name appended to it which comes from another separate table (the item name is feature_section_name).
Then why you are passing it through the URL? It's pretty much like shooting in your own foot (if not worse :P).
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Show all of your code. I suspect that the query is returning the data properly but the code is not accessing it correctly. Also, run that exact same query in your DB admin tool (phpMyAdmin, MySQL Administrator, SQLYog, etc) to make sure that the result you would get under the correct code conditions is what you are getting here.
Noobie
Forum Commoner
Posts: 85
Joined: Sun May 15, 2005 11:38 am

Post by Noobie »

:oops: Ok I've figured out what (stupid thing) I was doing wrong.

I should have been running a

Code: Select all

while ($row = mysql_fetch_array($result)) {
instead of

Code: Select all

if( $result && $featurearticle = mysql_fetch_object( $result ) )    {
It now works perfectly.

Sorry and thank you for your help.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Would you mind editing the original post title and adding a [SOLVED] in front of it? Thanks. And I'm glad you got it sorted out.
Post Reply