Posted by Rik on 08/15/07 10:06

On Wed, 15 Aug 2007 11:59:25 +0200, Dave =

<david.greenhall@praybourne.co.uk> wrote:

> Hi guys,
>
> I have just set up a duplicate server running:
> apache 2.54, mysql 5.04 and php 5.04
>
> This is the same setup as as the server we are using now, apart from
> the hardware inside. I have copied across the database and website,
> with exact same permissions as the first server.
>
> The problem is that part of the php code is executing but others
> arent:
>
> example:
> ------------------------
> <?php
> // Make the connection
> mysql_connect("localhost", "********", "**********") or

Hmmm, seemed like a real user/pass combo to me...


> die(mysql_error());
> echo "Connected to MySQL<br />";
> mysql_select_db("sales") or die(mysql_error());
> echo "Connected to Database<br />";
>
> $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `cod=
e`
> =3D'P191")

Shouldn't that be `code` =3D 'P191'" (notice the ending single quote).

> or die(mysql_error());
>
> $result =3D mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
>
> This will work with no problems
>
> But when i change it to:
> -----------------
> <?php
> // Make the connection
> mysql_connect("localhost", "user", "pass") or die(mysql_error());
> echo "Connected to MySQL<br />";
> mysql_select_db("sales") or die(mysql_error());
> echo "Connected to Database<br />";
>
> $query =3D mysql_query("SELECT product_name FROM `code_tbl` WHERE `cod=
e`
> =3D'$code")

Again, the missing ending single quote in the SQL statement. Where does =
=

$code com form BTW? You're not relying on register_globals are you? Not =
a =

good thing. So, use $code =3D mysql_real_escape_string($_GET['code']); f=
irst.

> $result =3D mysql_fetch_array($query);

var_dump($result);
-- =

Rik Wasmus

[Back to original message]