
Thread: Using WHERE

  1. #1

    I know that I am probably annoying you guys with all my problems, and I'm sorry, but I would appreciate it if you could point me in the right direction with this.

    I am using the WHERE function to connect to my database and show the news item where the news id is equal to $id.

    However, when I do it it messes up the script. Look: View news page

    This is the code I am using.
    Code:
    mysql_connect('localhost','noth','pass'); 
    mysql_select_db('noth_phpb1'); 
    $query = mysql_query("SELECT * FROM sitenews WHERE 'id'='".$_GET['id']."'");
    while($news = mysql_fetch_array($query)) { 
      
    if( $_GET['id'] == "" ) {
      print "Error: You have not specified a correct news article. Please go back and try again.";
    } else {
    
    print "<font size='1'><font color='#D0D0D0'>".$news['title']." (".$news['date_day']."/".$news['date_month']."/".$news['date_year'].")</font><br>
    ".$news['smalltext']."<br>
    <div align='right'><font color='#D0D0D0'>
    <a href='http://www.finalfantasyfan.net/sitenews.php?id=".$news['id']."' style='text-decoration: none'>[Read More]</a></font></div><br></font>";
    }
    }
    Thank you.

  2. #2

    Ouch. You *must* escape that string before using it, on pain of giving someone else total access to your database.
    Code:
    $nid = mysql_real_escape_string($_GET['id']);
    $query = mysql_query("SELECT * FROM sitenews WHERE id=$id;");
    You shouldn't use FONT tags either. Tsk tsk.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  3. #3

    Well, I'm going to try and work a style sheet into it. But I am going to finish the news bit first.

    Never used a style sheet before, so I'll look up a tutorial.

    EDIT:

    Code:
    mysql_connect('localhost','noth','disc89'); 
    mysql_select_db('noth_phpb1'); 
    $nid = mysql_real_escape_string($_GET['id']);
    $query = mysql_query("SELECT * FROM sitenews WHERE id=$id;");
    while($news = mysql_fetch_array($query)) { 
    
    print "<font size='1'><font color='#D0D0D0'>".$news['title']." (".$news['date_day']."/".$news['date_month']."/".$news['date_year'].")</font><br>
    ".$news['smalltext']."<br>
    <div align='right'><font color='#D0D0D0'>
    <a href='http://www.finalfantasyfan.net/sitenews.php?id=".$news['id']."' style='text-decoration: none'>[Read More]</a></font></div><br></font>";
    
    }
    It didn't work... Still the same... I have connected to the database already with a different file; would that matter?

  4. #4

    Shouldn't do. What exactly is the problem?

  5. #5

    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/noth/public_html/sitenews.php on line 33

    Line 33 is: while($news = mysql_fetch_array($query)) {

  6. #6

    Oh, I did something stupid:
    Code:
    $nid = mysql_real_escape_string($_GET['id']);
    $query = mysql_query("SELECT * FROM sitenews WHERE id=$nid;");
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
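
Added example, not part of the original thread or written by any of its posters: the corrected query in post #6 escapes `$_GET['id']` but places it in the SQL without quotes, and escaping only changes quote and backslash characters, so a value containing none of them still alters the WHERE clause. The sketch below shows that next to a validated, bound-parameter version. Assumptions: an in-memory SQLite database via PDO with constructed rows stands in for the poster's MySQL table, `addslashes()` stands in for `mysql_real_escape_string()` (removed in PHP 7), and the function names are hypothetical.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption: the
// pdo_sqlite extension is available; the thread itself uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sitenews (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO sitenews (title) VALUES ('First'), ('Second'), ('Third')");

// Pattern from the thread: escape, then interpolate without quotes.
// addslashes() is a stand-in for mysql_real_escape_string(); neither alters
// a value that contains no quote or backslash characters.
function fetch_escaped_unquoted(PDO $db, string $id): array {
    $nid = addslashes($id);
    return $db->query("SELECT * FROM sitenews WHERE id=$nid")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: reject anything that is not a positive integer, then bind it.
function fetch_bound(PDO $db, string $id): array {
    $nid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($nid === false) {
        return [];  // caller shows its "not a correct news article" error
    }
    $stmt = $db->prepare("SELECT * FROM sitenews WHERE id = :id");
    $stmt->bindValue(':id', $nid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: no quote characters, so escaping leaves it intact.
$constructed = '2 OR 1=1';
printf("escaped, unquoted: %d row(s)\n", count(fetch_escaped_unquoted($db, $constructed)));
printf("validated + bound: %d row(s)\n", count(fetch_bound($db, $constructed)));
printf("bound, id=2:       %d row(s)\n", count(fetch_bound($db, '2')));
```

The same two steps apply on MySQL through PDO or mysqli prepared statements: check that the id is an integer, then pass it as a bound parameter instead of building it into the query string.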

  7. #7

    You are a star! Thank you. You've helped me a lot. I'll be sure to post here when I have troubles.

    Thank you, Twey. No other forum would help.

    It worked btw :P
