using $_POST in multiple SQL queries on Different pages

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nishmgopal
Forum Contributor
Posts: 101
Joined: Tue Mar 03, 2009 9:38 am

using $_POST in multiple SQL queries on Different pages

Post by nishmgopal »

Hi

I am using

$getjob = $_POST['job'];

to use in my sql query and it works fine for one of my forms, but I have just tried to use it again in the same way but it doesnt work.

Can I not use this same variable across my site? The code I am using is below, this code produces no errors but doesnt shows a blank table.

Code: Select all

      
$getjob=$_POST['job'];
 
 $query1 = "SELECT * FROM Job_Spec WHERE Project_Name ='$getjob'";
   $result1 = mysql_query($query1);
   
$colcnt1 = 0;
 
 
   while ($row1 = mysql_fetch_array($result1,MYSQL_ASSOC)) {
  {
     if (!$colcnt1)
     {     
          $colcnt1 = 7;    
    }
 
   $colcnt1--;{
      $Name1 = $row1['Name'];
      $Java1 = $row1['Java'];
      $Leadership1 = $row1['Leadership'];
      $Communication1 = $row1['Communication'];
      $Teamwork1 = $row1 ['Team_Work'];
      $Problem_Solving1 = $row1['Problem_Solving'];
      }
}
}
{



thanks
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: using $_POST in multiple SQL queries on Different pages

Post by JAB Creations »

8O

You need to escape all data that goes in to your database without any exception!

Change...

Code: Select all

$getjob = $_POST['job'];
...to...

Code: Select all

$getjob = mysql_real_escape_string($_POST['job']);

...and do that for all things that go in to your database period. It doesn't matter if it's from $_POST, $_GET, $_COOKIE, etc...you can never trust client data. That above all else is the most important thing you should be doing right now as if you have any code unprotected from SQL inject attacks on a live website it is massively open to an easy attack.

Once you've resolved that...

I recommend using phpMyAdmin if you're not too experienced (like myself) yet with MySQL. If it fails it'll give you a nice error message that you can use to figure out what you did wrong. Good luck and secure your code first and foremost!
Post Reply