09-25-2006, 06:10 AM
I have a query:
$sql = "SELECT * FROM notes WHERE uid='$_SESSION[uid]', class='$_GET[class]' ORDER BY time ASC LIMIT 10";
I want to get everything where the uid is equal to the session variable and the class is equal to the class var in the url... I have no idea what's wrong.
09-25-2006, 06:37 AM
Are you getting an error or just no rows? I don't think you can separate your WHERE clauses with a comma, I think you have to use the AND keyword. It's worth a shot anyway.
And, by the way:
This is wrong: $_GET[class]
This is right: $_GET['class']
$sql = "SELECT *
FROM notes WHERE uid='{$_SESSION['uid']}' AND class='{$_GET['class']}'
ORDER BY time ASC
LIMIT 10";
09-25-2006, 02:45 PM
You can't separate with a comma because the query has no idea that both conditions must be true. Use AND as suggested above.
Also you should look in the PHP manual on using mysql_real_escape_string for cleaning up both of your variables. DO NOT accept anything from a form or cookie etc. that you haven't cleaned first.
If you aren't familiar with it, look into SQL injection attacks and cross server scripting attacks and see the problems you can run into.
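Added example, not part of the thread: mysql_real_escape_string and the rest of the mysql_* extension were removed in PHP 7.0, so this sketch puts the thread's query in its concatenated form beside a PDO prepared statement, which is a different technique from escaping. The in-memory SQLite database, the sample rows, the function names and the $uid/$class stand-ins for $_SESSION['uid'] and $_GET['class'] are all constructed for illustration.

```php
<?php
// Constructed demo data in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE notes (uid INTEGER, class TEXT, time INTEGER, body TEXT)");
$db->exec("INSERT INTO notes VALUES
    (1, 'math', 100, 'alice: math note'),
    (1, 'art',  200, 'alice: art note'),
    (2, 'math', 300, 'bob: private note')");

// Stand-ins for $_SESSION['uid'] and $_GET['class'] (constructed values).
$uid   = 1;
$class = "x' OR '1'='1";   // request value that contains a single quote

// Concatenated form, as in the thread (with AND instead of the comma).
// The quote inside $class closes the string literal early, so the rest
// of the value is parsed as SQL and the uid condition no longer
// restricts the result.
function notes_concat(PDO $db, $uid, $class): array
{
    $sql = "SELECT body FROM notes WHERE uid='$uid' AND class='$class' "
         . "ORDER BY time ASC LIMIT 10";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared form: the SQL text is fixed and the values are bound
// separately, so a quote in $class stays data and is only ever
// compared against the class column.
function notes_prepared(PDO $db, $uid, $class): array
{
    $stmt = $db->prepare(
        "SELECT body FROM notes WHERE uid = :uid AND class = :class "
        . "ORDER BY time ASC LIMIT 10"
    );
    $stmt->execute([':uid' => $uid, ':class' => $class]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "concatenated, hostile class: ", count(notes_concat($db, $uid, $class)), " row(s)\n";
echo "prepared, hostile class:     ", count(notes_prepared($db, $uid, $class)), " row(s)\n";
echo "prepared, class=math:        ", count(notes_prepared($db, $uid, 'math')), " row(s)\n";
```

Running it prints the row counts for the same input under both forms; with a MySQL server the only change is the DSN passed to the PDO constructor.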