My SQL Database PHP Inquiry
12-06-2012, 03:50 AM
The % here is a mistake:
AND orders.OrderID = '" . $_GET['order'] . "%'
Also the '...' around $_GET['order'] is a mistake if ORDERID is always a number.
Plus you need to "sanitize" the $_GET value, to prevent SQL injection.
Find More Posts by Old Pedant
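Added example, not part of the post above: one way to apply all three points to the `orders.OrderID` comparison, by validating `$_GET['order']` as an integer and binding it as an unquoted integer parameter with no `%`. The in-memory SQLite table, the `Customer` column, the sample rows and the function names are assumptions made so the snippet runs on its own.

```php
<?php
// Added example. Schema, rows and helper names are constructed for illustration.
declare(strict_types=1);

// Accept only a plain positive integer; arrays, "5%" and "5 OR 1=1" all fail.
function parseOrderId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up one order. The value never becomes part of the SQL text.
function findOrder(PDO $db, $rawOrder): ?array
{
    $id = parseOrderId($rawOrder);
    if ($id === null) {
        return null; // a real page would answer with HTTP 400 here
    }
    $stmt = $db->prepare(
        'SELECT OrderID, Customer FROM orders WHERE orders.OrderID = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT); // numeric compare, no quotes, no %
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data standing in for the real orders table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (OrderID INTEGER PRIMARY KEY, Customer TEXT)');
$db->exec("INSERT INTO orders VALUES (5, 'Alice'), (6, 'Bob')");

// Each value stands in for what could arrive as $_GET['order'].
foreach (['5', '5%', '5 OR 1=1', ['5'], '7'] as $input) {
    $row = findOrder($db, $input);
    echo json_encode($input), ' => ',
        $row ? json_encode($row) : 'rejected or not found', PHP_EOL;
}
```

Only `'5'` returns a row; the other inputs either fail integer validation or match no order.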