php - MySQL Query using $

php - MySQL Query using $_GET -

February 15, 2013

ok, maybe i'm bit overtired, can't understand why isn't working! have comments box on website, profiles people post. want show posts in profile. profile page userinfo.php?user=(whatever)

this query failing:

$query = "select message,`date`,ip,name,website,id            `guestbook_message`           name=" . intval($_get['user']) . "           , deleted=0           order `date` desc";

you getting name of user , casting directly integer , comparing name. not make sense.

if $_get['user'] id of user, compare id , not name.

if $_get['user'] username of user, have put quotes around username value. username value string, need encapsulate in quotes , remove intval. this:

 $query = "select message,`date`,ip,name,website,id            `guestbook_message`            name='" . mysql_real_escape_string($_get['user']) . "'                , deleted=0            order `date` desc";

Search This Blog

Assebmley

php - MySQL Query using $_GET -

Comments

Post a Comment

Popular posts from this blog

apache - Add omitted ? to URLs -

redirect - bbPress Forum - rewrite to wwww.mysite prohibits login -

php - How can I stop spam on my custom forum/blog? -