...

View Full Version : PHP and Mysql problem - Mysql Query



Vortex
10-07-2006, 04:01 PM
Hi, i've made a site where it uses the PHP $_GET[""]. Now my problem is that i have got $_GET["id"] and $_GET["nail extensions"] (not my site:p), and my mysql query uses the $_GET to find the page out of the database, but how do i tell it to use both?

Code at the moment:

$pagewanted = $_GET["id"];
$result = mysql_query("select * from site_pages where id='". $pagewanted ."' ");


What I need it to do:

$pagewanted = $_GET["id"] (AND INCLUDING $_GET["nail extensions"]);
$result = mysql_query("select * from site_pages where id='". $pagewanted ."(AND INCLUDING THE NAIL EXTENSION PART FROM ABOVE)' ");

How would I do this....I've done it beofrew but can't remember it......

Any help would be greatfully as I need this site done by today....lol.

Thanks
:cool: Vortex:cool:

P.S. I usally use different tables for each page but for some reason i never for this and it's too late to turn back!

flann
10-07-2006, 05:31 PM
It sounds like you could just use "OR"

where field = a_condition OR field = b_condition

guelphdad
10-07-2006, 06:24 PM
the OR clause won't work of course because it would return rows that don't match both. you need to use AND



$pagewanted = $_GET["id"];
$nail_extensions = $_GET["nail extensions"]);
$result = mysql_query("select * from site_pages where id='$pagewanted'
and nail_extensions = '$nail_extensions");


A very important thing, you are leaving yourself completely vulnerable to sql injections and cross server side scripting attacks if you use _GET or _POST to retrieve your values and leave them unfiltered.

Take a look at the php.net manual, specifically for mysql_real_escape_string and how to use it.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum