Page 1 of 1

problem with php mysql

Posted: Thu Nov 15, 2007 4:09 am
by rameau1982
I want to make a query into a db through a php script sending variables trough POST. With mysql_error() it says that I have an error in the query : Select...
Can somebody help me?

Code: Select all

<?
extract($_POST);
$ref_art=trim($ref_art);
$exi_art=trim($exi_art);

 if (!$ref_art || !$exi_art)

{

   echo 'No has introducido la referencia o las unidades';

   header("Location: index.php");

}

$sref_art = addslashes($ref_art);

$exi_art = addslashes($exi_art);


@ $conn=mysql_pconnect("localhost","","");

if(!$conn){

    echo "no existe tal bd";

}

mysql_select_db("tienda");
echo "hola";
//Ejecucion de la sentencia SQL
$query = "Select * From fal_art Where ref_art = '$ref_art'";
$result = mysql_query($query);
if($result){
    $filas = mysql_num_rows($result);
    echo "$filas";
}else{
    echo mysql_error();
}
?>

Posted: Thu Nov 15, 2007 10:27 am
by feyd
Post the entire error output by mysql_error() please.

Also, note that addslashes() is not a suitable protection against SQL injection. Nor is it recommended to use extract() as the variables you are referencing may still not exist. Use isset() or array_key_exists() instead help set the value.