Posted by �lvaro G. Vicario on 08/15/07 10:11

Dave escribió:
> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> ='P191")
> or die(mysql_error());
>
> $result = mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
>
> This will work with no problems

Weird... The query contains an unmatched quote.





> $query = mysql_query("SELECT product_name FROM `code_tbl` WHERE `code`
> ='$code")
> or die(mysql_error());
>
> $result = mysql_fetch_array($query);
> echo "The name of the product is " .$result['product_name']. " ";
> ?>
> -----------------
> and select the page with /test.php?code=P191

Your code relies on the register_globals directive, which is disabled by
default. There're good reasons for it. You should access your query
params through the $_GET array. E.G.:

$query = "SELECT product_name FROM `code_tbl` WHERE `code` >='" .
mysql_real_escape_string($_GET['code']) . "'";



--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor austrohúngaro: http://www.demogracia.com
--

[Back to original message]