|
Posted by Darko on 11/07/07 00:37
On Nov 7, 12:32 am, Austin <phr...@gmail.com> wrote:
The way
> $lines = file("list.txt");
> $l_count = count($lines);
>
> for($i = 0; $i < 3; $i++) {
> $var = $lines[$i];
>
> }
>
> mysql_query("SELECT name FROM list WHERE name='$var'");
>
> In the list.txt it would have data like:
> Code:
>
> One
> Two
> Three
>
> And "echo $list[0];" would come up as "one".
>
> I need to SELECT the name "one" and return the column data.
>
> It doesn't select anything, even though it does get the data correctly
> when echo'd. What's wrong?
>
> OR am I going the wrong way w/ this? :x
This is the way I see this code:
$lines = file("list.txt"); // lines are read into $lines
$l_count = count($lines); // useless variable
for($i = 0; $i < 3; $i++) { // read three lines, each into $var,
overwriting the previous
$var = $lines[$i];
}
// at the end, the last line read is held in $var
// give me all names from list where name is equal to the last line
read
// (you say it's "three"), and lose the return value (you didn't
assign it to anything)
mysql_query("SELECT name FROM list WHERE name='$var'");
// you should have at least do:
$results = mysql_query("SELECT name FROM list WHERE name='$var'");
// then you could use mysql_fetch_array to fetch the results from the
$results resource
Resume:
* you didn't echo anything in the given example, although you say "it
does get the data correctly when echo'd"
* you don't get "one", but "three" in $var after the loop
* you don't use your mysql_query() result in any way (you should use
mysql_fetch_array())
* you shouldn't just include $var in the query, it is very bad
security-wise - you should do something like this:
$results = mysql_query(
sprintf( "select name from list where name='%s'",
mysql_real_escape_string( $var ) )
);
(having in mind, of course, that you've properly stripped slashes if
get_magic_quotes_gpc() returned true)
* the last, but not the least, you're very vague about what you're
trying to do
Regards,
Darko
Navigation:
[Reply to this message]
|