Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Oct 2006
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation PHP and Mysql problem - Mysql Query

    Hi, i've made a site where it uses the PHP $_GET[""]. Now my problem is that i have got $_GET["id"] and $_GET["nail extensions"] (not my site), and my mysql query uses the $_GET to find the page out of the database, but how do i tell it to use both?

    Code at the moment:
    PHP Code:
    $pagewanted $_GET["id"];
    $result mysql_query("select * from site_pages where id='"$pagewanted ."' "); 
    What I need it to do:
    PHP Code:
    $pagewanted $_GET["id"] (AND INCLUDING $_GET["nail extensions"]);
    $result mysql_query("select * from site_pages where id='"$pagewanted ."(AND INCLUDING THE NAIL EXTENSION PART FROM ABOVE)' "); 
    How would I do this....I've done it beofrew but can't remember it......

    Any help would be greatfully as I need this site done by today....lol.

    Thanks
    Vortex

    P.S. I usally use different tables for each page but for some reason i never for this and it's too late to turn back!
    Last edited by Vortex; 10-07-2006 at 04:06 PM. Reason: Spelling Mistake:P

  • #2
    New Coder
    Join Date
    Aug 2005
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It sounds like you could just use "OR"

    where field = a_condition OR field = b_condition

  • #3
    Super Moderator guelphdad's Avatar
    Join Date
    Mar 2006
    Location
    St. Catharines, Ontario Canada
    Posts
    2,634
    Thanks
    4
    Thanked 148 Times in 139 Posts
    the OR clause won't work of course because it would return rows that don't match both. you need to use AND

    PHP Code:
    $pagewanted $_GET["id"];
    $nail_extensions $_GET["nail extensions"]);
    $result mysql_query("select * from site_pages where id='$pagewanted'
     and nail_extensions = '$nail_extensions"
    ); 
    A very important thing, you are leaving yourself completely vulnerable to sql injections and cross server side scripting attacks if you use _GET or _POST to retrieve your values and leave them unfiltered.

    Take a look at the php.net manual, specifically for mysql_real_escape_string and how to use it.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •