HELP PHP problem

Hi

I have created a form which passes a variable and I am trying to use this stored variable to dictate the output of my sql command.

Basically I have tried the following:

SELECT *
FROM EXAMPLE
WHERE Example.Seat=$input_value

What my intentions are is to enter a value e.g 3 and then the 3 rows in the database are shown.

Can anyone help me with this Im really stuck and appreciate any help

Thanks

 

Add LIMIT 3 to your query

 

Say you are using GET method to pass the variable through a form and it is row_no. Here is the PHP code you need

$limit = $_GET['row_no'];
$dbc = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
$query = "SELECT * FROM EXAMPLE WHERE table_field='table_value' LIMIT $limit";
$result = mysqli_query($dbc, $query);
//Other MySQL stuffs, like fetching rows etc
mysqli_close($dbc);

PHP:

If you have any problem, feel free to ask!

 

You should filter all user input. Not doing so is just asking for trouble.

 

Yep! That's right!
You need to filter that

 

Oh yaa!

$limit = (int) $_GET['row_no'];
$dbc = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
$query = "SELECT * FROM EXAMPLE WHERE table_field='table_value' LIMIT $limit";
$result = mysqli_query($dbc, $query);
//Other MySQL stuffs, like fetching rows etc
mysqli_close($dbc);

PHP:

Typecasting will work here best I guess! No need to mysqli_real_escape_string and other escaping!

 

Or intval()

 

Yea intval() can be used it returns the integer value of variable, using the specified base for the conversion (the default is base 10).