On 16 Dec 2005, at 12:30, Paul Jinks wrote:
I have a site where users can search study projects. I'd like to be
able to clicks on a project title which passes a variable to this
page, which then displays all the data on that project in a table.
Cool - and to a noob like me, actually pretty exciting. Except it
doesn't work.
I get a "couldn't set value of result" message - see end of code.
The page displayed all the projects fine when I messed up passing
them from the previous page, so the problem is presumably in the
first SQL query. Any suggestions?
<?
$connect = mysql_connect("", "", "")
or die("could not connect");
$db = mysql_select_db("")
or die("could not select db");
if (isset($HTTP_GET_VARS['projTitle']))
{
$SQLQuery = "SELECT * FROM project WHERE
projTitle = ".$HTTP_GET_VARS['projTitle']
or die("SQLQuery 1 failed");
}
else
{
$SQLQuery = "SELECT*FROM project ORDER BY projTitle"
or die("SQLQuery 2 failed");
}
$result = mysql_query($SQLQuery,$connect)
or die("couldn't set value of result");
?>
Well you've got 5 die statements in there - which one does it die on?
Also check that your web host allows the long array names
($HTTP_GET_VARS), because lots do not. I would suggest replacing
$HTTP_GET_VARS with $_GET (in all instances), because the long format
will eventually vanish and your script will cease to work.
There are various issues re: SQL injection and lack of filtering
going on here, but perhaps not best to dwell on those -just yet-, as
long as you are aware that your script is lacking in all forms of
security? Then you can address that once you've got it working.
I assume you removed the MySQL details to post to the mailing list,
otherwise that won't help too much ;)
Cheers,
Rich
--
http://www.corephp.co.uk
PHP Development Services
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
