View Full Version : Mysql data retrieving...How to?


omar_391
09-11-2009, 06:25 AM
I have been trying this for two days... with no success.
Now I am here to know what to do...

Objective: Retrieve/select data from the database based on the URL [suppose my url=...../..php?id=123]

CODE:

<?php
$con = mysql_connect("sql108.byethost32.com","b32_******","*****");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("b32_******_test", $con);

$result = mysql_query("SELECT * FROM 'my1' WHERE id=$_GET['id'] ");

while($row = mysql_fetch_array($result))
{
echo $row['name'] . " " . $row['url1'];
echo "<br />";
}
?>



My output page shows nothing...
Now what to do... I am clueless. Please be a help.

seco
09-11-2009, 06:33 AM
$id = $_GET['id'];
$query = "SELECT * FROM '****' WHERE id=".$id."";
$result = mysql_query($query) or die(mysql_error());



replace and add above.

omar_391
09-11-2009, 06:59 AM
Thanks for the reply.
But it shows:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''my1' WHERE id=1' at line 1

Again another question:

Should I use a loop there? Because I only need the data of the row with id='...', I mean only 1 data set regarding the row id.

Now what should I modify?

seco
09-11-2009, 07:26 AM
might be my syntax try

id=$id

omar_391
09-11-2009, 08:03 AM
might be my syntax try

id=$id

Yet the problem exists. :confused:

djm0219
09-11-2009, 09:18 AM
$result = mysql_query("SELECT * FROM `my1` WHERE `id`= '" . $_GET['id'] . "'");

The column names need back ticks not single quotes. You will also want to verify and sanitize the value coming from the URL to prevent SQL injection attacks.

omar_391
09-11-2009, 12:00 PM
$result = mysql_query("SELECT * FROM `my1` WHERE `id`= '" . $_GET['id'] . "'");

The column names need back ticks not single quotes. You will also want to verify and sanitize the value coming from the URL to prevent SQL injection attacks.

Thanks. It worked.

OK. For SQL injection, I did:


$result = mysql_query("SELECT * FROM `my1` WHERE `id`=".mysql_real_escape_string($_GET['id'])."")
or die(mysql_error());

This should be OK, shouldn't it?
Thanks to codingforums.com

djm0219
09-12-2009, 12:08 AM
That will help. If you expect id to be a number, for example, do additional checking before you do the query to make sure it really is a number (is_numeric).
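
Added example, not code from any poster in the thread: the lookup discussed above rewritten with integer validation and a bound parameter, fetching a single row without a loop. It uses PDO because the `mysql_*` functions were removed in PHP 7. An in-memory SQLite table with constructed rows stands in for `my1` so it runs offline, and `fetch_row_by_id` is a hypothetical helper name.

```php
<?php
// Added example: constructed table and rows standing in for the thread's `my1`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my1 (id INTEGER PRIMARY KEY, name TEXT, url1 TEXT)');
$db->exec("INSERT INTO my1 VALUES (1, 'first', 'http://example.com/a'),
                                  (2, 'second', 'http://example.com/b')");

/**
 * Hypothetical helper: return the single row for an id taken from the URL,
 * or null if the value is not a positive integer or no row matches.
 */
function fetch_row_by_id(PDO $db, $rawId): ?array
{
    // FILTER_VALIDATE_INT accepts only integer strings; is_numeric()
    // would also accept values such as "1e3" or "1.5".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is sent as a bound parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT name, url1 FROM my1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // One row is expected, so a single fetch() replaces the while loop.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '1e3', '1 OR 1=1', 'abc', '99'] as $raw) {
    $row = fetch_row_by_id($db, $raw);
    if ($row === null) {
        echo "id=" . var_export($raw, true) . ": rejected or not found\n";
    } else {
        // Escape on output as well, since the page is HTML.
        echo "id=" . var_export($raw, true) . ": "
            . htmlspecialchars($row['name']) . " " . htmlspecialchars($row['url1']) . "\n";
    }
}
```

Only `'2'` returns a row here. The value `'1 OR 1=1'` contains no quote characters, so escaping alone would leave it unchanged in an unquoted `id=` comparison, which is why the validation and the bound parameter matter.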