
PHP and MySQL Help

Posted: Fri Feb 17, 2006 6:45 am
by Ady
'pages' Table:
Image

Code:

<?
include("config.php");
$sql="SELECT * FROM pages WHERE id='$user'";
$result3=mysql_query($sql);
$rows2=mysql_fetch_array($result3);
$user2=$rows2['id'];
$key2=$rows2['key'];
$title2=$rows2['title'];
$body2=$rows2['body'];
if($user==$user2 && $page==$key2){ echo ('<b>' . $title2 . '</b><br>' . $body2); };
?>
I'm sure I've done this right, but it doesn't work. :( I'm trying to make it so if you visit the page with ?user=#&page=#, it searches the table for rows with whatever $user and $page are. If they are both in the same row, then it displays 'title' and 'body' from that row. I hope someone understands what I'm talking about... any help is appreciated. :)

PS. Sorry my code is probably really messy, I'm not too good with PHP / MySQL.

Posted: Fri Feb 17, 2006 7:12 am
by Benjamin

Code:

$sql = "SELECT * FROM pages WHERE id='" . mysql_escape_string($_GET['user']) . "'";
That is one thing you should fix. I changed it for you. The variable was inside single quotes so it would not have worked, and variables in a URL are in the $_GET array unless you have register globals on, which you shouldn't. And then add mysql_escape_string for a little security.
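
An alternative to the escaping approach suggested above, added here as an example and not part of the original thread: a prepared statement that matches both user and page, with output encoding. It assumes PDO with the SQLite driver, guessed column types and constructed rows; find_page and render_page are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes the PDO SQLite driver and a
// 'pages' table with the id, key, title and body columns named in the first post;
// column types are guessed and the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER, "key" TEXT, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'home', 'Welcome', 'Hello & welcome')");
$db->exec("INSERT INTO pages VALUES (1, 'about', 'About <me>', 'About this site')");
$db->exec("INSERT INTO pages VALUES (2, 'home', 'Other user', 'Second user page')");

// Hypothetical helper: returns the row where BOTH user and page match, or null.
function find_page(PDO $db, array $query): ?array
{
    $user = $query['user'] ?? null;
    $page = $query['page'] ?? null;
    // Reject missing or non-string values (e.g. ?user[]=1) before querying.
    if (!is_string($user) || !is_string($page) || $user === '' || $page === '') {
        return null;
    }
    // Placeholders keep the values out of the SQL text, so no escaping call is
    // needed and PHP's single/double quote rules no longer affect the query.
    // On MySQL the reserved column name would be written `key` with backticks.
    $stmt = $db->prepare('SELECT title, body FROM pages WHERE id = ? AND "key" = ?');
    $stmt->execute([$user, $page]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: encodes on output, assuming title and body are plain text.
function render_page(?array $row): string
{
    if ($row === null) {
        return 'Page not found';
    }
    return '<b>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</b><br>'
        . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for $_GET.
echo render_page(find_page($db, ['user' => '1', 'page' => 'about'])), "\n";
echo render_page(find_page($db, ['user' => "1'x", 'page' => 'about'])), "\n"; // quote stays data
echo render_page(find_page($db, ['user' => '2', 'page' => 'about'])), "\n";   // no such row
```

The mysql_* functions used in the thread were removed in PHP 7.0, so current code needs PDO or mysqli in any case.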

Posted: Fri Feb 17, 2006 7:37 am
by Ady
agtlewis wrote:

Code:

$sql = "SELECT * FROM pages WHERE id='" . mysql_escape_string($_GET['user']) . "'";
That is one thing you should fix. I changed it for you. The variable was inside single quotes so it would not have worked, and variables in a URL are in the $_GET array unless you have register globals on, which you shouldn't. And then add mysql_escape_string for a little security.
Ah, cheers. :) I don't know much about PHP, but I'm learning. ;) I've edited my script now, but it still doesn't work lol. :(

Posted: Fri Feb 17, 2006 8:46 am
by JayBird
agtlewis wrote:<snip>The variable was inside single quotes so it would not have worked,</snip>
Not entirely true in the above example.

This would work fine

Code:

$user = "Pimptastic";
$sql="SELECT * FROM pages WHERE id='$user'";
This wouldn't

Code:

$user = "Pimptastic";
$sql='SELECT * FROM pages WHERE id="$user"';