Drop-down filter menu
Moderator: General Moderators
-
phpflixnewbie
- Forum Contributor
- Posts: 132
- Joined: Fri Nov 17, 2006 11:46 am
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Anywhere there is something going into your database, wrap that var in mysql_real_escape_string().
Code:
<?php
$var = mysql_real_escape_string($var);
$sql = "INSERT INTO table (field) VALUES ('$var')";
?>
-
phpflixnewbie
- Forum Contributor
- Posts: 132
- Joined: Fri Nov 17, 2006 11:46 am
Like so?:
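Code:
if(!empty($dvdgenre)) {
// mysql_real_escape_string() returns the escaped string and does not modify
// its argument, so the result has to be assigned back before building the query.
$releasedate = mysql_real_escape_string($releasedate);
$dvdgenre = mysql_real_escape_string($dvdgenre);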
$query = "SELECT dvd_titles.dvd_id
, dvd_title
, ROUND((coalesce(sum(totalfilm),0)
+coalesce(sum(empire),0)
+coalesce(sum(radiotimes),0)
+coalesce(sum(independent),0)
+coalesce(sum(mirror),0)
+coalesce(sum(guardian),0)
) /
coalesce( count(totalfilm)
+count(empire)
+count(radiotimes)
+count(independent)
+count(mirror)
+count(guardian)
),1) as rounded_rating
, prodn_year
, date_format(dvd_rlsdate,'%d %b %y') as rlsdate
, dvd_genre
, totalfilm
, empire
, radiotimes
, independent
, mirror
, guardian
, form_value
FROM dvd_titles
, dvd_genres
, critics_ratings
, rls_quarters
, show_all
WHERE dvd_genres.dvd_id=dvd_titles.dvd_id
AND dvd_titles.dvd_id=critics_ratings.dvd_id
AND dvd_titles.dvd_id=rls_quarters.dvd_id
AND dvd_titles.dvd_id=show_all.dvd_id
AND (rls_quarter='$releasedate' OR form_value='$releasedate')
AND (dvd_genre='$dvdgenre' OR form_value='$dvdgenre')
GROUP BY dvd_titles.dvd_id
ORDER BY dvd_title";
}
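Added example, not part of the original posts: mysql_real_escape_string() returns the escaped string and leaves its argument untouched, so a run that shows no errors on ordinary values does not prove the escaping took effect. The script below shows this with PDO::quote() on an in-memory SQLite table, then runs the same filter with bound parameters. The schema, rows, and the helper names tryQuery and filterTitles are constructed for illustration, and PDO with SQLite is swapped in for the thread's MySQL tables and the mysql_* API, which was removed in PHP 7.0.

```php
<?php
// Added example. Constructed table and rows; in-memory SQLite through PDO
// stands in for the thread's MySQL schema (assumption: pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE dvd_titles (dvd_id INTEGER PRIMARY KEY, dvd_title TEXT,
                                     dvd_genre TEXT, rls_quarter TEXT)");
$pdo->exec("INSERT INTO dvd_titles VALUES
    (1, 'Alpha',   'Comedy',      'Q1'),
    (2, 'Bravo',   'Children''s', 'Q1'),
    (3, 'Charlie', 'Children''s', 'Q2')");

// Run a query built by string interpolation; report the row count or the SQL error.
function tryQuery(PDO $pdo, string $sql): string
{
    try {
        return count($pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Same filter with bound parameters: values never become part of the SQL text.
function filterTitles(PDO $pdo, string $releasedate, string $dvdgenre): array
{
    $stmt = $pdo->prepare(
        'SELECT dvd_title FROM dvd_titles
          WHERE rls_quarter = :rls AND dvd_genre = :genre ORDER BY dvd_title'
    );
    $stmt->execute([':rls' => $releasedate, ':genre' => $dvdgenre]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$releasedate = 'Q1';
$dvdgenre    = "Children's";   // constructed drop-down value containing a quote

// Return value discarded: $dvdgenre is unchanged and the quote reaches the SQL.
$pdo->quote($dvdgenre);
echo 'discarded: ', tryQuery($pdo,
    "SELECT dvd_title FROM dvd_titles WHERE dvd_genre = '$dvdgenre'"), "\n";

// Return value assigned: PDO::quote() escapes and adds the surrounding quotes.
$quoted = $pdo->quote($dvdgenre);
echo 'assigned:  ', tryQuery($pdo,
    "SELECT dvd_title FROM dvd_titles WHERE dvd_genre = $quoted"), "\n";

echo 'bound:     ', implode(', ', filterTitles($pdo, $releasedate, $dvdgenre)), "\n";
```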
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
-
phpflixnewbie
- Forum Contributor
- Posts: 132
- Joined: Fri Nov 17, 2006 11:46 am
Yes, I get no errors so assume it's working OK. I'd like to take this opportunity to say a very, very big THANK YOU to Everah, without whom I just could not have completed this application. I have learnt SO much from him; my understanding of basic PHP principles has improved greatly.
I really hope this thread will be useful for any other PHP newcomers!!!! I will certainly be sticking around this forum, and I hope to contribute by helping any newcomers as much as I can.
THANK YOU EVERAH THANK YOU!!!!!!!!
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA