Posted by desmond on 06/29/07 10:04

shimmyshack <matt.farey@gmail.com> wrote:

>> And this is the php code (corrected according to your comments) ...
>>
>> --- select.php ---
>> <?php
>>
>> $dbhost='localhost';
>> $dbuser='toto';
>> $dbpass='password';
>> $dbname='adbname';
>>
>> $conn = mysql_connect($dbhost, $dbuser, $dbpass)
>> or die ('Cannot connect to DB!!');
>>
>> mysql_select_db($dbname);
>>
>> $query="SELECT user_id, login, first_name, email, country FROM
>> users WHERE first_name='$first_name'";
>>
>> $result = mysql_query($query);
>>
>> while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
>>
>> echo "Name: {$row['first_name']} <br>" .
>> "Login: {$row['login']} <br>" .
>> "Client Number: {$row['user_id']} <br>" .
>> "Email: {$row['email']} <br>" .
>> "Country: {$row['country']} <br><br>" ;}
>>
>> ?>

> remember where I asked /how/ you were getting $first_name and hoped it
> was by using
> mysql_real_escape_string( $_GET['first_name'] );

I didn't really understand what you meant..

> well now you have changed the form, you need to change the GET to POST
> and then just do it!
>
> $first_name = mysql_real_escape_string( $_POST['first_name'] );

Sorry for the obtuse questions, but ..where does this go?

> if in doubt about a query thats failing, just use
> var_dump( $qeury );
> to see what you are passing to the DB, that would have shown up as NOT
> what you were passing to the db in the command line.

As you rightly pointed out, it's 'not quite there' yet. :(

[Back to original message]