|
|
Posted by Jerry Stuckle on 07/26/06 00:55
dkirkdrei@yahoo.com wrote:
> Eric Farraro wrote:
>
>>For starters, it doesn't appear that you are actually assigning the
>>variables you are using in your search queries.
>>
>>Look at your form -- since you are using the GET method, in your PHP
>>file, you should have something like:
>>
>>$variable_name = $_GET['some_variable'].
>>
>>'some_variable' corresponds to the 'name' attribute of some input
>>field.
>>
>>I don't know if your DB connection, etc... is correct, but you
>>definitely need to assign the variables you're using in your search
>>using the $_GET variable. If you do something like: print_r($_GET);,
>>you can get an idea of what is contained in $_GET.
>>
>>On another note, this is probably more advanced than you care to know,
>>but the method you are using your queries is considered EXTREMELY
>>dangerous for an online application. Since the user can type whatever
>>they want, someone wishing to cause trouble could log in to your site
>>without a valid password (assuming you have a login page), drop tables,
>>etc... Very bad stuff. If you're just playing around locally, it's
>>not a problem, but if you plan to move your code to an online page,
>>consider reading up on SQL Injection Attacks.
>
>
> thanks for the reply. This query form will be used on my company's
> intranet only but I appreciate the info. I have added the code that you
> suggested but I still recieve the same result. my return page contains
> my logo and my table with the headers but no return results even though
> I know that the criteria in which I am entering resides in the
> database. I searched the php.net site but could not find any info on
> the commands that you suggested?? I also went back and corrected some
> typo's, my php code now looks like this:
>
Eric has the right answer. Your variables will be in the $_GET array
(since you're using method=get).
So your variables will be $_GET['machtype'], $_GET['wpart'], etc.
At the beginning of your PHP add the following:
echo "<pre>\n";
print_r($_GET);
echo "</pre>\n";
This will display the contents of your $_GET array with the keys.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|