Posted by Richard Davey on 12/16/05 14:39

On 16 Dec 2005, at 12:30, Paul Jinks wrote:

> I have a site where users can search study projects. I'd like to be
> able to clicks on a project title which passes a variable to this
> page, which then displays all the data on that project in a table.
> Cool - and to a noob like me, actually pretty exciting. Except it
> doesn't work.
>
> I get a "couldn't set value of result" message - see end of code.
> The page displayed all the projects fine when I messed up passing
> them from the previous page, so the problem is presumably in the
> first SQL query. Any suggestions?
>
> <?
> $connect = mysql_connect("", "", "")
> or die("could not connect");
> $db = mysql_select_db("")
> or die("could not select db");
> if (isset($HTTP_GET_VARS['projTitle']))
> {
> $SQLQuery = "SELECT * FROM project WHERE
> projTitle = ".$HTTP_GET_VARS['projTitle']
> or die("SQLQuery 1 failed");
> }
> else
> {
> $SQLQuery = "SELECT*FROM project ORDER BY projTitle"
> or die("SQLQuery 2 failed");
> }
> $result = mysql_query($SQLQuery,$connect)
> or die("couldn't set value of result");
>
> ?>

Well you've got 5 die statements in there - which one does it die on?
Also check that your web host allows the long array names
($HTTP_GET_VARS), because lots do not. I would suggest replacing
$HTTP_GET_VARS with $_GET (in all instances), because the long format
will eventually vanish and your script will cease to work.

There are various issues re: SQL injection and lack of filtering
going on here, but perhaps not best to dwell on those -just yet-, as
long as you are aware that your script is lacking in all forms of
security? Then you can address that once you've got it working.

I assume you removed the MySQL details to post to the mailing list,
otherwise that won't help too much ;)

Cheers,

Rich
--
http://www.corephp.co.uk
PHP Development Services

[Back to original message]