Posted by Rik on 10/26/06 18:13

bokke wrote:
> hi Jay,
>
> $query = "SELECT * FROM news WHERE writer=" . $_GET["SubCat"] . "";
> $result = mysql_query($query)
> or die ("no can do.");
>
> gets me a good old "no can do". besides I have these Select scripts
> working on other sites without the GET??

How would $_GET not work on other sites? Or do you mean the variable will
be fed otherwise?

In this case, one should offcourse always quote strings. When running into
trouble, don't blindly post this to a newsgroup/forum, there's othe things
you can check:

- Offcourse, there's always spelling errors.
- Echo the query-string, to check wether the query is built correctly
(which it wasn't in this case).
- Use backticks around field- and tablenames
- Echo mysql_error(), and check what it sais.

Seriously consider putting in the fieldnames instead of SELECT *, check the
manual why.

$cat = mysql_real_escape_string(trim($_GET['subcat']));//or any other means
of getting the value
$query = "
SELECT
*
FROM
`news`
WHERE
`writer` LIKE '$cat'";

--
Rik Wasmus

• Next in forum: Re: PHP wants "mysql_config" for configure, but this is not on system
• Prev in forum: Re: Problem with my SELECT
• Thread view: Re: Problem with my SELECT

[Reply to this message]