Posted by Pedro Graca on 02/03/06 18:17

JT wrote:
> I am working on a basic webpage in PHP connecting to a mySQL database,
> here is my query...
>
> //query 1
> $query_rs_staff = "SELECT * FROM jtStaff WHERE
> locationID=".$_GET['myDesk'];

Have you thoroughly sanitized $_GET['myDesk']?
Someone could tweak it to "1 or 42=42" giving strange results for the
following query.

> $rs_staff = mysql_query($query_rs_staff);
> $row_rs_staff = mysql_fetch_assoc($rs_staff);
>
>
> //query 2
> $query_rs_section = "SELECT * FROM jtSection WHERE
> sectionID=$row_rs_staff['sectionID']";
> $rs_section = mysql_query($query_rs_section);
> $row_rs_ssection = mysql_fetch_assoc($rs_section);
> ?>
>
>
> I had it working with query 1. then I added query 2 to get from another
> table, some additional data. So i have no problems with query 1. When
> ran thru my server, it throws back a parse error on line 20, which is
> the first line of query 2. can someone tell me the correct syntax for
> what i am trying to do here?

$query_rs_section = "SELECT * FROM jtSection WHERE
sectionID={$row_rs_staff['sectionID']}";
### ______^__________________________^_

--
If you're posting through Google read <http://cfaj.freeshell.org/google>

• Next in forum: Re: mySQL query in PHP - Parse error
• Prev in forum: Re: mySQL query in PHP - Parse error
• Thread view: Re: mySQL query in PHP - Parse error

[Reply to this message]