|
|
Posted by Ian Rastall on 06/28/05 23:58
On 28 Jun 2005 13:37:06 -0800, yf110@vtn1.victoria.tc.ca (Malcolm
Dew-Jones) wrote:
> $id = mysql_escape_string($_REQUEST[id]);
>
> $sql = "select * from the_table where ID='$id'";
Okay, I think I'm making progress. I changed:
<td><a href="<?php print
$_SERVER['PHP_SELF']."?album=".$row_rsDaevid['Album'];
?>">
to
<td><a href="<?php print
$_SERVER['PHP_SELF']."?album=".mysql_escape_string($row_rsDaevid['Album']);
?>">
which yields an escaped string in the final source code. The page
still doesn't work, though, meaning clicking on the album doesn't pop
up the info on the left. I think it's looking for "N\'existe Pas" in
the db and not finding it.
I looked up the PHP equivalent of "unescape", and found "urldecode",
which I tried to use at the point where it calls the album, at:
<h3><?php echo urldecode($row_rsDaevid['Album']); ?></h3>
but it didn't help. Didn't throw an error, either, but didn't help.
:-)
Am I on the right track here? Thanks for any help. The code, again, is
at:
http://www.gongfamily.net/code.txt
TIA
Ian
--
Was it not a comedy, a strange and stupid
matter, this repetition, this running around
in a fateful circle? (Hermann Hesse)
http://www.bookstacks.org/
Navigation:
[Reply to this message]
|