Posted by Markus Ernst on 10/26/06 16:07
bokke schrieb:
> Hi,
>
> I have a page with a link
>
> <a href="Contributor.php?action=&SubCat=<?php echo $row["writer"];
> ?>"><?php echo $row["writer"];?></a>
>
> that does to a page with a SELECT
>
> $query = "SELECT * FROM news WHERE writer='$SubCat' ";
You are sure register_globals is on? Anyway it is recommended to use
$_GET['SubCat'].
> But it is not pulling any data from the database. If I do this
> $query = "SELECT * FROM news WHERE writer='Bob Smith' ";
> works great??
>
> also
> the ULR reads -
> Contributor.php?action=&SubCat=Bob%20Smith
So you have one record with 'Bob Smith' and another one with 'Bob%20Smith'?
Some recommendations:
- use urlencode() and urldecode() if you send GET data that could
contain any characters beyond a-z, A-Z and 0-9
- always pre-process transmitted data before putting them into the
database; also google for "SQL injectin" and "E-mail injection"
- regarding your HTML, use validator.w3.org to check it, and don't use a
strict XHTML doctype if you don't write strict XHTML.
- regarding posting, your message appears as a reply to an old thread in
my newsreader - was that your intention?
--
Markus
[Back to original message]
|