syntax error in blog get posts script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
suthie
Forum Commoner
Posts: 68
Joined: Sat Jun 09, 2007 10:46 am

syntax error in blog get posts script

Post by suthie »

I am making a blog type thing and I am trying to get the posts. I user this code:

Code: Select all

<?php

include 'session.php';
include 'dbconnect_silent.php';

$username = $user;


$sql = MYSQL_QUERY("SELECT * from dailyvibe WHERE userlink='$username' ORDER BY postid DESC")
   or die ("You have not made any Dig posts yet.");


$result = mysql_query($sql) or print ("Can't select entry from table php_blog.<br />" . $sql . "<br />" . mysql_error());

while($row = mysql_fetch_array($result)) {

    $date = date("l F d Y", $row['timestamp']);
    $title = stripslashes($row['title']);
    $entry = stripslashes($row['entry']);

    ?>

    <p><strong><?php echo $title; ?></strong><br /><br />
    <?php echo $entry; ?><br /><br />
    Posted on <?php echo $date; ?>
    </p>

    <?php
}

?>
and I get this error message:
Can't select entry from table php_blog.
Resource id #5
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #5' at line 1
where have I gone wrong?
suthie
Forum Commoner
Posts: 68
Joined: Sat Jun 09, 2007 10:46 am

Post by suthie »

sorry for the double post. this code works now:

Code: Select all

<?php

include 'session.php';
include 'dbconnect_silent.php';

$username = $user;


$sql = "SELECT * from dailyvibe WHERE userlink='$username' ORDER BY postid DESC";


$result = mysql_query($sql) or print ("Can't select entry from table php_blog.<br />" . $sql . "<br />" . mysql_error());

while($row = mysql_fetch_array($result)) {

    $date = 'today';
    $title = stripslashes($row['title']);
    $entry = stripslashes($row['entry']);

    ?>

    <p><strong><?php echo $title; ?></strong><br /><br />
    <?php echo $entry; ?><br /><br />
    Posted on <?php echo $date; ?>
    </p>

    <?php
}

?>
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

It's important that you run $username through mysql_real_escape_string() before the query if it's coming from a GET or POST value. Google "sql injection" for the why
Post Reply