*** i'm new and :confused: ***

i can connect to my little mysql db just fine in php AND i can output all files (only 2 rows of data right now).

problem: how do i grab the parameter in

http://customtvis.com/caddetails_result.php?number=TVIS101

result page code thus far (minus the private stuff):

<?php

//make connection
mysql_connect ("", "",
"") or die ('I cannot connect to the database because:' .mysql_error());
mysql_select_db ("cad");

//build query
$query = mysql_query("SELECT * FROM cad");


//display results
while ($row = mysql_fetch_array($query)) {
echo "<br /><h3>" .$row['number'].
"<br />".$row['title'].
"</h3><h4>".$row['category'].
"<br />".$row['subtitle'].
"</h4><br /> Downloads: ".$row['pdf'].
"&nbsp;|&nbsp;".$row['dwg'].
"<br />".$row['image'].
"<br /> <br />".$row['description'].
"<br /> <br /><em>Notes: ".$row['notes'].
"</em><br />";}

?>

This is quite simple:


$number =$_GET['number'];
$query = mysql_query("SELECT * FROM cad WHERE number=`$number`");
//etc...

thank you for the quick reply. at first this didn't work but then i realized the tick marks around the 2nd reference to 'number' seemed somewhat slanted so i changed them and it worked perfect.

:D

Yeah sorry about that, little mistake... glad it works though...

Since this is user input, you should make sure that there is no risk to the security of your database by the user inserting something like "; delete database" and ending the query with that ;)

$number = mysql_real_escape_string (http://us3.php.net/manual/en/function.mysql-real-escape-string.php)($_GET['number']);

Use this every time you have user input directly in a query.