Web Analytics Made Easy -
StatCounter PHP and Mysql problem - Mysql Query - CodingForum

Announcement

Collapse
No announcement yet.

PHP and Mysql problem - Mysql Query

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • PHP and Mysql problem - Mysql Query

    Hi, i've made a site where it uses the PHP $_GET[""]. Now my problem is that i have got $_GET["id"] and $_GET["nail extensions"] (not my site), and my mysql query uses the $_GET to find the page out of the database, but how do i tell it to use both?

    Code at the moment:
    PHP Code:
    $pagewanted $_GET["id"];
    $result mysql_query("select * from site_pages where id='"$pagewanted ."' "); 
    What I need it to do:
    PHP Code:
    $pagewanted $_GET["id"] (AND INCLUDING $_GET["nail extensions"]);
    $result mysql_query("select * from site_pages where id='"$pagewanted ."(AND INCLUDING THE NAIL EXTENSION PART FROM ABOVE)' "); 
    How would I do this....I've done it beofrew but can't remember it......

    Any help would be greatfully as I need this site done by today....lol.

    Thanks
    Vortex

    P.S. I usally use different tables for each page but for some reason i never for this and it's too late to turn back!
    Last edited by Vortex; Oct 7, 2006, 12:06 PM. Reason: Spelling Mistake:P

  • #2
    It sounds like you could just use "OR"

    where field = a_condition OR field = b_condition
    Mortgage Calculator | Debt Free

    Comment


    • #3
      the OR clause won't work of course because it would return rows that don't match both. you need to use AND

      PHP Code:
      $pagewanted $_GET["id"];
      $nail_extensions $_GET["nail extensions"]);
      $result mysql_query("select * from site_pages where id='$pagewanted'
       and nail_extensions = '
      $nail_extensions"); 
      A very important thing, you are leaving yourself completely vulnerable to sql injections and cross server side scripting attacks if you use _GET or _POST to retrieve your values and leave them unfiltered.

      Take a look at the php.net manual, specifically for mysql_real_escape_string and how to use it.

      Comment

      Working...
      X