Using WHERE



Nothadoth
06-28-2006, 04:54 PM
I know that I am probably annoying you guys with all my problems, and I'm sorry, but I would appreciate it if you could point me in the right direction with this.

I am using the WHERE function to connect to my database and show the news item where the news id is equal to $id.

However, when I do it it messes up the script. Look: View news page (http://www.finalfantasyfan.net/sitenews.php?id=1)

This is the code I am using.
mysql_connect('localhost','noth','pass');
mysql_select_db('noth_phpb1');
$query = mysql_query("SELECT * FROM sitenews WHERE 'id'='".$_GET['id']."'");
while($news = mysql_fetch_array($query)) {

if( $_GET['id'] == "" ) {
print "Error: You have not specified a correct news article. Please go back and try again.";
} else {

print "<font size='1'><font color='#D0D0D0'>".$news['title']." (".$news['date_day']."/".$news['date_month']."/".$news['date_year'].")</font><br>
".$news['smalltext']."<br>
<div align='right'><font color='#D0D0D0'>
<a href='http://www.finalfantasyfan.net/sitenews.php?id=".$news['id']."' style='text-decoration: none'>[Read More]</a></font></div><br></font>";
}
}

Thank you.

Twey
06-28-2006, 06:02 PM
Ouch. You *must* escape that string before using it, on pain of giving someone else total access to your database.

$nid = mysql_real_escape_string($_GET['id']);
$query = mysql_query("SELECT * FROM sitenews WHERE id=$id;");
You shouldn't use FONT tags either. Tsk tsk. :)

Nothadoth
06-28-2006, 06:25 PM
Well, I'm going to try and work a style sheet into it. But I am going to finish the news bit first.

Never used a style sheet before so I'll look up a tutorial :)

EDIT:


mysql_connect('localhost','noth','disc89');
mysql_select_db('noth_phpb1');
$nid = mysql_real_escape_string($_GET['id']);
$query = mysql_query("SELECT * FROM sitenews WHERE id=$id;");
while($news = mysql_fetch_array($query)) {

print "<font size='1'><font color='#D0D0D0'>".$news['title']." (".$news['date_day']."/".$news['date_month']."/".$news['date_year'].")</font><br>
".$news['smalltext']."<br>
<div align='right'><font color='#D0D0D0'>
<a href='http://www.finalfantasyfan.net/sitenews.php?id=".$news['id']."' style='text-decoration: none'>[Read More]</a></font></div><br></font>";

}

It didn't work... Still the same... I have connected to the database already with a different file; would that matter?

Twey
06-28-2006, 06:45 PM
Shouldn't do. What exactly is the problem?

Nothadoth
06-28-2006, 06:50 PM
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/noth/public_html/sitenews.php on line 33

Line 33 is: while($news = mysql_fetch_array($query)) {

Twey
06-28-2006, 07:02 PM
Oh, I did something stupid:
$nid = mysql_real_escape_string($_GET['id']);
// Quote the value: escaping only protects data placed inside a quoted SQL string.
$query = mysql_query("SELECT * FROM sitenews WHERE id='$nid';");
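
Added example, not code from the thread: mysql_real_escape_string() only protects a value that ends up inside quotes in the SQL text, and the mysql_* functions used above were removed in PHP 7. The code below contrasts string concatenation with a validated, bound parameter through PDO; the in-memory SQLite database, the sample rows and the function names find_news_concat and find_news_prepared are assumptions made for the demonstration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database so it runs
// offline. For MySQL only the DSN passed to PDO changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sitenews (id INTEGER PRIMARY KEY, title TEXT, smalltext TEXT)");
$db->exec("INSERT INTO sitenews (id, title, smalltext) VALUES
           (1, 'Site launch', 'We are live.'),
           (2, 'Staff only draft', 'Not published yet.')");

// Weak form: the value is concatenated into a numeric context without quotes.
// An escaping function would not alter the second test input below, because
// it contains no quote or backslash characters for the function to act on.
function find_news_concat(PDO $db, string $id): array
{
    return $db->query("SELECT * FROM sitenews WHERE id=$id")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a parameter
// so the database never parses it as SQL.
function find_news_prepared(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];                      // reject anything that is not an integer id
    }
    $stmt = $db->prepare("SELECT id, title, smalltext FROM sitenews WHERE id = :id");
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$inputs = ['1', '1 OR 1=1', ''];        // constructed values standing in for $_GET['id']
foreach ($inputs as $id) {
    try {
        $weak = count(find_news_concat($db, $id));
    } catch (PDOException $e) {
        $weak = 'SQL error';            // an empty id leaves "WHERE id=" unfinished
    }
    $safe = count(find_news_prepared($db, $id));
    printf("id=%-10s concat: %-9s prepared: %d\n", var_export($id, true), $weak, $safe);
}
```

The empty-string case reproduces the kind of failed query behind the "not a valid MySQL result resource" warning earlier in the thread, where an undefined variable left the WHERE clause without a value.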

Nothadoth
06-28-2006, 07:06 PM
You are a star! Thank you :) You've helped me a lot. I'll be sure to post here when I have troubles.

Thank you Twey :) No other forum would help.

It worked btw :P