Putting SELECT query results into a variable - Help!

Discussion in 'PHP' started by gtrufitt, Mar 10, 2008.

0
  1. #1
    Hi, my code is:

      <?php
mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!");

mysql_select_db("padgate") or die("Cannot select DB!");

$username = ($_POST['username']);
$password = ($_POST['password']);

$login = "SELECT email, f_name FROM user WHERE email = '$username' AND password = '$password'";

$r = mysql_query($login) or die(mysql_error()."<Br /><br /.".$login); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection.

$count = mysql_num_rows($r);

?>
    Code (markup):
    and I want to put the f_name field result into a variable so it can be called by echo to display the name.

    Thanks,

    Gareth
     
    gtrufitt, Mar 10, 2008 IP
  2. Vbot

    Vbot Peon

    Messages:
    107
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #2
    use:
    $row = mysql_fetch_array($r);
$name = $row['f_name'];
$email = $row['email'];
    PHP:
     
    Vbot, Mar 10, 2008 IP
  3. gtrufitt

    gtrufitt Peon

    Messages:
    8
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Thanks,

    Gareth
     
    gtrufitt, Mar 10, 2008 IP
  4. lephron

    lephron Active Member

    Messages:
    204
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    53
    #4
    You should escape the input though. The code at the moment is open to an SQL injection attack. Lookup mysql_escape_string
     
    lephron, Mar 10, 2008 IP
  5. Marc Fraser

    Marc Fraser Peon

    Messages:
    283
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Marc Fraser, Mar 10, 2008 IP