|
|
Posted by Jay on 10/26/06 19:02
You didn't put it between single quotes!
query = "SELECT * FROM news WHERE writer= '" . $_GET["SubCat"] . "' ";
make sure to validate that variable too.
bokke wrote:
> Hey Rick,
>
> I have always used
> <a href="Contributor.php?action=&SubCat=<?php echo $row["writer"];
> ?>"><?php echo $row["writer"];?></a>
> to feed the variable - and then used
> $query = "SELECT * FROM news WHERE writer='$SubCat' ";
> - I only use POST and GET with forms - not simple links.
>
> -"quote strings" - not sure which string you would like me to quote?
>
> -as for
> "> - Offcourse, there's always spelling errors.
> > - Echo the query-string, to check wether the query is built correctly
> > (which it wasn't in this case).
> > - Use backticks around field- and tablenames
> > - Echo mysql_error(), and check what it sais."
>
> -Checked the spelling again and again - but thats not it
> -I use or die ("no can do."); so I know when it's not working - in this
> case it works just not reading the variable. Again, if I change the
> WHERE writer='$SubCat' "; to WHERE writer='Bob Smith' "; it works fine
> ???
>
> and as for "blindly post this to a newsgroup/forum" man - I am on day
> two of this problem - you can only spell writer so many ways before
> you realize it is not spelling. I think I have exchased all my tricks
> ... it must be a header issue or a .... damn i just don't know?
>
> thanks for your input though.
>
> michael
>
> Rik wrote:
> > bokke wrote:
> > > hi Jay,
> > >
> > > $query = "SELECT * FROM news WHERE writer=" . $_GET["SubCat"] . "";
> > > $result = mysql_query($query)
> > > or die ("no can do.");
> > >
> > > gets me a good old "no can do". besides I have these Select scripts
> > > working on other sites without the GET??
> >
> > How would $_GET not work on other sites? Or do you mean the variable will
> > be fed otherwise?
> >
> > In this case, one should offcourse always quote strings. When running into
> > trouble, don't blindly post this to a newsgroup/forum, there's othe things
> > you can check:
> >
> > - Offcourse, there's always spelling errors.
> > - Echo the query-string, to check wether the query is built correctly
> > (which it wasn't in this case).
> > - Use backticks around field- and tablenames
> > - Echo mysql_error(), and check what it sais.
> >
> > Seriously consider putting in the fieldnames instead of SELECT *, check the
> > manual why.
> >
> > $cat = mysql_real_escape_string(trim($_GET['subcat']));//or any other means
> > of getting the value
> > $query = "
> > SELECT
> > *
> > FROM
> > `news`
> > WHERE
> > `writer` LIKE '$cat'";
> >
> > --
> > Rik Wasmus
Navigation:
[Reply to this message]
|