Page 1 of 1

[SOLVED] Problem listing items

Posted: Tue Apr 03, 2007 1:22 pm
by Noobie
Hi

I'm having a few problems and can't quite see what I'm doing wrong.

This is the query bit:

Code: Select all

// get the id from the URL request
 $feature_section = $_REQUEST['feature_section_name'];

// retrieve the row from the database
$query = "SELECT  feature_id, feature_title, feature_date, feature_section FROM featurearticles WHERE feature_section='$feature_section' ORDER by feature_id DESC ";
The issue is that this query seems to only return one item with the correct feature section name when I want it to return all the items with the same feature section name.

The "feature_section_name" item comes from a different table to the other information but it's appending the correct info onto the end of the URL eg: http://www.whatever.co.uk/featurearticl ... _name=News

Posted: Tue Apr 03, 2007 1:45 pm
by Oren
I have few things to tell you which are much more important...

1. Use $_GET instead of $_REQUEST. It is a better approach if you care about security.
2. mysql_real_escape_string()
3. Google for "sql injection".
4. In your query, why do you select "feature_section" if you know that all the results will have the same feature_section anyway?

Posted: Tue Apr 03, 2007 1:54 pm
by Noobie
Thanks for that information Oren. I've changed it to this:

Code: Select all

// get the id from the URL request
$feature_section = $_GET['feature_section_name'];

// retrieve the row from the database

$result=mysql_query('SELECT feature_id, feature_date, feature_section, feature_title FROM featurearticles WHERE feature_section="'.mysql_real_escape_string($_GET['feature_section_name']).'" ORDER by feature_id DESC');

But I still get the same result - one item listed rather than several

I'm not sure I understand your question about why I select by feature_section. I thought that I had to include all the table items that I wanted to use at any stage of the query in that initial query (like the id, date, title, section etc). As my name would suggest - I'm fairly new at this.

Any tips about how to get it to list all the items with that particular feature_section_name?

Posted: Tue Apr 03, 2007 2:15 pm
by Oren
First, are you sure that you have in your table more than 1 record with this specific feature_section that you supply in the URL?

You don't understand my question? I'll clarify this... you do:

Code: Select all

WHERE feature_section = $feature_section
(You do it a bit different but there is no point in posting the whole code - you understand what I mean here - I hope :P)

Therefore, all the results (if any) will have the same feature_section, and this feature_section is the value of $feature_section.

P.S The code is just a little bit better now but you still need to google and read (in depth if possible) about "sql injections" :wink:

Posted: Tue Apr 03, 2007 2:25 pm
by Noobie
Hi again Oren

Thank you for your patience with me. I checked and there's definitely more than one item with the same feature_section in the table.

I'll try to explain what I was attempting to do - just don't laugh ok?

So the URL has a feature section name appended to it which comes from another separate table (the item name is feature_section_name).

So in my probably muddled thinking I was trying to associate this item (feature_section_name) from the URL to something on the current page so that I could then compare it to an item (feature_name) in the other table within the query. Sort of like this in plain speech:

thing1 = thingappendedtourl

select * from table where thethingIwanttolist = thing1

:oops:

Posted: Tue Apr 03, 2007 2:45 pm
by Oren
Noobie wrote:So the URL has a feature section name appended to it which comes from another separate table (the item name is feature_section_name).
Then why you are passing it through the URL? It's pretty much like shooting in your own foot (if not worse :P).

Posted: Tue Apr 03, 2007 3:19 pm
by RobertGonzalez
Show all of your code. I suspect that the query is returning the data properly but the code is not accessing it correctly. Also, run that exact same query in your DB admin tool (phpMyAdmin, MySQL Administrator, SQLYog, etc) to make sure that the result you would get under the correct code conditions is what you are getting here.

Posted: Tue Apr 03, 2007 4:52 pm
by Noobie
:oops: Ok I've figured out what (stupid thing) I was doing wrong.

I should have been running a

Code: Select all

while ($row = mysql_fetch_array($result)) {
instead of

Code: Select all

if( $result && $featurearticle = mysql_fetch_object( $result ) )    {
It now works perfectly.

Sorry and thank you for your help.

Posted: Tue Apr 03, 2007 5:04 pm
by RobertGonzalez
Would you mind editing the original post title and adding a [SOLVED] in front of it? Thanks. And I'm glad you got it sorted out.