|
|
Posted by Rik on 08/15/07 10:06
On Wed, 15 Aug 2007 11:59:25 +0200, Dave =
<david.greenhall@praybourne.co.uk> wrote:
> Hi guys,
>
> I have just set up a duplicate server running:
> apache 2.54, mysql 5.04 and php 5.04
>
> This is the same setup as as the server we are using now, apart from
> the hardware inside. I have copied across the database and website,
> with exact same permissions as the first server.
>
> The problem is that part of the php code is executing but others
> arent:
>
> example:
> ------------------------
> <?php
> // Make the connection
> mysql_connect("localhost", "********", "**********") or
Hmmm, seemed like a real user/pass combo to me...
> die(mysql_error());
> echo "Connected to MySQL<br />";
> mysql_select_db("sales") or die(mysql_error());
> echo "Connected to Database<br />";
>
> $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `cod=
e`
> =3D'P191")
Shouldn't that be `code` =3D 'P191'" (notice the ending single quote).
> or die(mysql_error());
>
> $result =3D mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
>
> This will work with no problems
>
> But when i change it to:
> -----------------
> <?php
> // Make the connection
> mysql_connect("localhost", "user", "pass") or die(mysql_error());
> echo "Connected to MySQL<br />";
> mysql_select_db("sales") or die(mysql_error());
> echo "Connected to Database<br />";
>
> $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `cod=
e`
> =3D'$code")
Again, the missing ending single quote in the SQL statement. Where does =
=
$code com form BTW? You're not relying on register_globals are you? Not =
a =
good thing. So, use $code =3D mysql_real_escape_string($_GET['code']); f=
irst.
> $result =3D mysql_fetch_array($query);
var_dump($result);
-- =
Rik Wasmus
Navigation:
[Reply to this message]
|