Hey guys, I'm back. I'm stuck on something really simple if you know what you are doing. I made a page called page.php and I want it to display stuff from a MySQL database. I wanted to use GET_ to make it so if someone types in page.php?id=coke and "coke" is in my database, then the page would display everything else that is in the same row as coke. Not sure if that made any sense. Here's what I tried but failed at.

```php
$result = mysql_query("SELECT * FROM projects ");
while($row = mysql_fetch_array($result)) {
    $id = $_GET['id'];
    $num = $row['id'];
    if($id == $num) {
        echo $row['client']." is very important";
    } else {
        echo "Not found";
    }
}
```

Anything will help. Thanks guys

```php
$result = mysql_query("SELECT * FROM projects where client = '".mysql_escape_string($_GET['id'])."' ");
```

Do I need to take away anything from my code besides that one line? When I switch the line to yours, it doesn't give me the data. It's just blank. Thanks,

After the $result = line, put if(!$result) die(mysql_error()); and that will give you the reason the query isn't working. Also, have you connected to mysql and selected a database?

This should work for what you need

```php
# Filter everything but numbers, plus, and minus.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
# Escape the ID to prevent issues, and transform it into an int (if it's not)
$sql = sprintf('SELECT * FROM `projects` WHERE `id` = '%d' LIMIT 0, 1;', mysql_real_escape_string((int)$id));
# Create the result.
$result = mysql_query($sql);
# If the result had an entry..
if(num_rows($result) > 0) {
    # Fetch the row.
    $row = mysql_fetch_row($result);
    # Echo the client and string.
    echo $row['client'].' is very important';
} else {
    # The result didn't have an entry
    echo 'Not found';
}
```

```php
# Filter everything but numbers, plus, and minus.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
# Escape the ID to prevent issues, and transform it into an int (if it's not)
$sql = sprintf("SELECT * FROM `projects` WHERE `id` = '%d' LIMIT 0, 1;", mysql_real_escape_string((int)$id));
# Create the result.
$result = mysql_query($sql);
# If the result had an entry..
if(num_rows($result) > 0) {
    # Fetch the row.
    $row = mysql_fetch_row($result);
    # Echo the client and string.
    echo $row['client'].' is very important';
} else {
    # The result didn't have an entry
    echo 'Not found';
}
```

Try that

Typos are annoying.. lol. This last one should work.

```php
# Filter everything but numbers, plus, and minus.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
# Escape the ID to prevent issues, and transform it into an int (if it's not)
$sql = sprintf("SELECT * FROM `projects` WHERE `id` = '%d' LIMIT 0, 1;", mysql_real_escape_string((int)$id));
# Create the result.
$result = mysql_query($sql);
# If the result had an entry..
if(mysql_num_rows($result) > 0) {
    # Fetch the row.
    $row = mysql_fetch_row($result);
    # Echo the client and string.
    echo $row['client'].' is very important';
} else {
    # The result didn't have an entry
    echo 'Not found';
}
```

No errors but it's not retrieving any data. All I get is "is very important". Hmm... Would the problem be with the ' and " in the row? You used ' for both. I tried what I could but still nothing

I need to start reading up on stuff again. lol. This is the correct code for sure:

```php
# Filter everything but numbers, plus, and minus.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
# Escape the ID to prevent issues, and transform it into an int (if it's not)
$sql = sprintf("SELECT * FROM `projects` WHERE `id` = '%d' LIMIT 0, 1;", mysql_real_escape_string((int)$id));
# Create the result.
$result = mysql_query($sql);
# If the result had an entry..
if(mysql_num_rows($result) > 0) {
    # Fetch the row.
    $row = mysql_fetch_assoc($result);
    # Echo the client and string.
    echo $row['client'].' is very important';
} else {
    # The result didn't have an entry
    echo 'Not found';
}
```
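
The same lookup written with PDO and a bound parameter, as an added example that is not code from any poster in this thread; the mysql_* functions used above were removed in PHP 7.0. The in-memory SQLite database and its sample rows are constructed so the script runs stand-alone, and find_project and render_project are hypothetical helper names.

```php
<?php
// Added example: table and column names follow the thread; the SQLite
// database and rows below are constructed sample data so this runs offline.
// For MySQL, swap in a 'mysql:host=...;dbname=...;charset=utf8mb4' DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, client TEXT)');
$pdo->exec("INSERT INTO projects (id, client) VALUES (1, 'coke'), (2, 'O''Brien <b>Ltd</b>')");

/**
 * Look up one project by numeric id. Returns the row as an associative
 * array, or null when the id is not a valid integer or no row matches.
 */
function find_project(PDO $pdo, $rawId): ?array
{
    // Validate instead of sanitize: "12abc" is rejected, not turned into 12.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, client FROM projects WHERE id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Build the page body; the stored value is HTML-escaped on output. */
function render_project(PDO $pdo, $rawId): string
{
    $row = find_project($pdo, $rawId);
    if ($row === null) {
        return 'Not found';
    }
    return htmlspecialchars($row['client'], ENT_QUOTES, 'UTF-8') . ' is very important';
}

// In page.php this would be: echo render_project($pdo, $_GET['id'] ?? null);
// Constructed inputs: two valid ids, a missing id, an injection string, no id.
foreach (['1', '2', '3', "1' OR '1'='1", null] as $input) {
    echo var_export($input, true), ' => ', render_project($pdo, $input), PHP_EOL;
}
```

With PDO::ERRMODE_EXCEPTION set, a failed query throws instead of returning false, which replaces the if(!$result) die(mysql_error()); check suggested earlier in the thread.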