Thread: Need some help... Stuck

  1. #1

    I'm trying to figure out how to search for three things that are passed in my URL. Thanks in advance for any suggestions. Still learning.

    PHP Code:

    $q1 = "select * from platform_locations where area = '$_GET[area]' structure_number = $_GET[structure_number] and block_number = '$_GET[block_number]' ";

    $r1 = mysql_query($q1) or die(mysql_error());

    $a1 = mysql_fetch_array($r1);

  2. #2

    You need to use AND or OR in between each thing you are searching for in the query string. Also, you really need to add some security measures, because right now it's wide open to SQL injection attacks. Here are 2 examples, depending on what you are after for a result.

    PHP Code:
    // This example says that it will only return info if all 3 vars match a row in the db.
    $area = mysql_real_escape_string($_GET['area']);

    $structure_number = mysql_real_escape_string($_GET['structure_number']); // Use this if it's NOT a full integer value.
    $structure_number = (int)$_GET['structure_number']; // Use this if it IS a full integer value.

    $block_number = mysql_real_escape_string($_GET['block_number']); // Use this if it's NOT a full integer value.
    $block_number = (int)$_GET['block_number']; // Use this if it IS a full integer value.

    $q1 = "SELECT * FROM `platform_locations` WHERE `area` = '$area' AND `structure_number` = '$structure_number' AND `block_number` = '$block_number'";

    $r1 = mysql_query($q1) or die(mysql_error());

    $a1 = mysql_fetch_array($r1);
    PHP Code:
    // This example says that if any of the 3 vars are equal to a column in the db it will return the info.
    $area = mysql_real_escape_string($_GET['area']);

    $structure_number = mysql_real_escape_string($_GET['structure_number']); // Use this if it's NOT a full integer value.
    $structure_number = (int)$_GET['structure_number']; // Use this if it IS a full integer value.

    $block_number = mysql_real_escape_string($_GET['block_number']); // Use this if it's NOT a full integer value.
    $block_number = (int)$_GET['block_number']; // Use this if it IS a full integer value.

    $q1 = "SELECT * FROM `platform_locations` WHERE `area` = '$area' OR `structure_number` = '$structure_number' OR `block_number` = '$block_number'";

    $r1 = mysql_query($q1) or die(mysql_error());

    $a1 = mysql_fetch_array($r1);
    Notice the use of `backticks` around the table and column names. Try to get into the practice of using those. It makes MySQL understand that those are definitely table and column names, so if you accidentally try to use a MySQL reserved keyword it won't be an issue.
    Also, if any of the vars are integer values, you don't truly need to use 'single' quotes around them in the query string, since the quotes are only needed for string values. It doesn't really hurt to use them unless you are trying to compare the TYPE of value in the db.
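
The same three-parameter lookup written with a prepared statement, as an added example that is not part of the original thread: the URL values are bound as parameters instead of being escaped and spliced into the SQL string. It assumes PDO (the `mysql_*` functions used above were removed in PHP 7); the function name `findPlatformLocations`, the in-memory SQLite database standing in for MySQL, and the sample rows are constructed for illustration.

```php
<?php
// Added example (not from the thread). The function name, the SQLite stand-in
// database and the sample rows are constructed for illustration.
declare(strict_types=1);

/**
 * Look up platform_locations rows by the three URL parameters.
 * $matchAll = true joins the conditions with AND, false with OR.
 */
function findPlatformLocations(PDO $pdo, array $get, bool $matchAll = true): array
{
    // Integer fields are validated, not just cast: "12abc" is rejected, not turned into 12.
    $structure = filter_var($get['structure_number'] ?? null, FILTER_VALIDATE_INT);
    $block     = filter_var($get['block_number'] ?? null, FILTER_VALIDATE_INT);
    $area      = $get['area'] ?? null;
    if (!is_string($area) || $structure === false || $block === false) {
        throw new InvalidArgumentException('area, structure_number and block_number are required');
    }

    // Only the fixed keyword AND/OR is concatenated; every user value is a bound parameter.
    $glue = $matchAll ? ' AND ' : ' OR ';
    $sql  = 'SELECT * FROM platform_locations WHERE area = :area'
          . $glue . 'structure_number = :structure'
          . $glue . 'block_number = :block';

    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':area', $area, PDO::PARAM_STR);
    $stmt->bindValue(':structure', $structure, PDO::PARAM_INT);
    $stmt->bindValue(':block', $block, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE platform_locations (area TEXT, structure_number INTEGER, block_number INTEGER)');
$pdo->exec("INSERT INTO platform_locations VALUES ('EC', 12, 7), ('EC', 30, 9), ('WC', 12, 4)");

$ok = ['area' => 'EC', 'structure_number' => '12', 'block_number' => '7'];
var_dump(count(findPlatformLocations($pdo, $ok, true)));   // all three conditions must hold
var_dump(count(findPlatformLocations($pdo, $ok, false)));  // any one condition may hold

// A value containing quotes is bound as data and compared literally, never parsed as SQL.
$odd = ['area' => "x' OR '1'='1", 'structure_number' => '0', 'block_number' => '0'];
var_dump(count(findPlatformLocations($pdo, $odd, true)));
```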
