CodingForums.com - View Single Post

bayken37 · 01-25-2013, 08:52 PM

I'm wondering if the following is even possible, and if so, how do I go about fixing what I already have.

So when I go to "stats.php?STAT_ID=X" I want it to grab and run a query based on what X is.

PHP Code:


			
if (isset($_GET['STAT_ID']))

{

    if (get_magic_quotes_gpc())

    {

        $_GET['STAT_ID'] = stripslashes($_GET['STAT_ID']);

    }

    $stat_id = mysql_real_escape_string($_GET['STAT_ID']);





echo '<table width="575" align="center" cellspacing="0">';

echo '<tr>';

echo '<td valign="top" align="left" width="575">';



$sql = 'SELECT Pos, FName, LName, Year, \'' . $stat_id . '\' '

        . ' FROM batters_career_stats '

        . ' GROUP BY Pos, FName, LName, Year '

        . ' ORDER BY \'' . $stat_id . '\' DESC '

        . ' LIMIT 50'; 

     

$result = mysql_query($sql) or die(mysql_error());





echo "<table border='0' cellpadding='2' cellspacing='0' width='575'>";

echo "<tr class='header'>  <td width='15'>Rk.</td> <td align='right' width='385'>Player</td> <td width='175' align='right'>Stat</td></tr>";



$i=0

while($row = mysql_fetch_assoc( $result ))  

{

    printf('<tr class="odd">

        <td align="right">%d.</td>

        <td align="right">%s %s, %d</td>

        <td align="right">%d</td>

        </tr>' . PHP_EOL, $i, $row['FName'], $row['LName'], $row['Year'], $row['?????']);

} 



echo "</table>";



}

When I've played around with what goes in the ?????? I've only come away with errors. Any ideas?

Thanks in advance!

01-25-2013, 08:52 PM	PM User \| #1
bayken37 New Coder Join Date: Jan 2013 Posts: 12 Thanks: 2 Thanked 0 Times in 0 Posts	Question about "isset" I'm wondering if the following is even possible, and if so, how do I go about fixing what I already have. So when I go to "stats.php?STAT_ID=X" I want it to grab and run a query based on what X is. PHP Code: if (isset($_GET['STAT_ID'])) { if (get_magic_quotes_gpc()) { $_GET['STAT_ID'] = stripslashes($_GET['STAT_ID']); } $stat_id = mysql_real_escape_string($_GET['STAT_ID']); echo '<table width="575" align="center" cellspacing="0">'; echo '<tr>'; echo '<td valign="top" align="left" width="575">'; $sql = 'SELECT Pos, FName, LName, Year, \'' . $stat_id . '\' ' . ' FROM batters_career_stats ' . ' GROUP BY Pos, FName, LName, Year ' . ' ORDER BY \'' . $stat_id . '\' DESC ' . ' LIMIT 50'; $result = mysql_query($sql) or die(mysql_error()); echo "<table border='0' cellpadding='2' cellspacing='0' width='575'>"; echo "<tr class='header'> <td width='15'>Rk.</td> <td align='right' width='385'>Player</td> <td width='175' align='right'>Stat</td></tr>"; $i=0 while($row = mysql_fetch_assoc( $result )) { printf('<tr class="odd"> <td align="right">%d.</td> <td align="right">%s %s, %d</td> <td align="right">%d</td> </tr>' . PHP_EOL, $i, $row['FName'], $row['LName'], $row['Year'], $row['?????']); } echo "</table>"; } When I've played around with what goes in the ?????? I've only come away with errors. Any ideas? Thanks in advance!