Re: Record ID not being recognized

On 5/9/06, David Doonan <dadoonan@xxxxxxx> wrote:
While I am by no stretch of the imagination a ColdFusion expert, I
have built a couple of dozen CF sites over the past 5 years. Am
currently working on my first PHP site and am running into a problem
with the simplest little thing.

An index page is returning a list of active category names. Each name
is a link to a thumbnails page. The photos on the thumbnails page are
links to a display page which displays the enlarged photo and
additional text.

My problem is in getting the thumbnails page to only display the
images associated with the category name selected on the index page.

Either the thumbnail page displays ALL images or it displays none.

Below is the query on the thumbnail page, which is currently
returning no records. If I replace '$recordcatID' with the specific
name of a category, the correct records are returned. Likewise, if I
remove the WHERE statement, all records are returned. So obviously
something is wrong with the sql statement.

But I can't help but feel that I'm missing something in the PHP syntax.


<?php require_once('../Connections/connTrail.php'); ?>
<?php
mysql_select_db($database_connTrail, $connTrail);
$query_GetThumbs = "SELECT Photos.Photos_ImagePath,
Photos.Photos_Title, Photos.ID, Photos.Photo_Category,
Photos_Category.Category_Name, Photos_Category.catID FROM Photos,
Photos_Category
WHERE Photos_Category.catID = '$recordcatID' AND
Photos_Category.Category_Name = Photos.Photo_Category";
$GetThumbs = mysql_query($query_GetThumbs, $connTrail) or die
(mysql_error());
$row_GetThumbs = mysql_fetch_assoc($GetThumbs);
$totalRows_GetThumbs = mysql_num_rows($GetThumbs);
?>


The link from the index page to the thumbnails page is carrying the
catID number forward, as seen in the resulting URL
(thumbs.php?ID=17), yet the query isn't accepting it.


table Photos_Category contains the category names.
table Photos contains the photos and other relevant information.

Any ideas where I'm going wrong?

david

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



SELECT
   Photos.Photos_ImagePath,
   Photos.Photos_Title,
   Photos.ID,
   Photos.Photo_Category,
   Photos_Category.Category_Name,
   Photos_Category.catID
FROM
   Photos,
   Photos_Category
WHERE
   Photos_Category.catID = '$recordcatID' AND
   Photos_Category.Category_Name = Photos.Photo_Category


Did you mean to join Photos_Category.Category_Name to Photos.Photo_Category?

It looks like you mean Photos_Category.catID = Photos.Photo_Category.

You might want to read about mysql_real_escape_string
(http://us2.php.net/mysql_real_escape_string) because you have a SQL
injection vulnerability on $recordcatID I'm betting.  Maybe not if
you're doing something up above where you "extract" $_GETs to
variables.  If you aren't using $_GET anywhere, then you need to use
those since register_globals is deprecated.
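
The following is an added example, not part of the original thread: one way the thumbnails query could read ID from the URL explicitly, validate it as an integer, and bind it as a typed parameter instead of interpolating `$recordcatID`. It swaps the thread's mysql_* calls for PDO prepared statements; the `getThumbs` helper, the in-memory SQLite database and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. Assumptions: the link carries the
// category id as ?ID=..., and Photos.Photo_Category holds the category name
// (as the join in the posted query implies).

function getThumbs(PDO $db, array $query): array
{
    // Read the parameter explicitly: with register_globals off, nothing
    // creates $recordcatID from the URL. Accept positive integers only.
    $catId = filter_var($query['ID'] ?? '', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($catId === false) {
        throw new InvalidArgumentException('ID must be a positive integer');
    }
    // The value is bound as a typed parameter, never spliced into the SQL.
    $stmt = $db->prepare(
        'SELECT p.Photos_ImagePath, p.Photos_Title, p.ID
           FROM Photos p
           JOIN Photos_Category c ON c.Category_Name = p.Photo_Category
          WHERE c.catID = :catID'
    );
    $stmt->bindValue(':catID', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed schema and rows standing in for the real MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Photos_Category (catID INTEGER PRIMARY KEY, Category_Name TEXT)");
$db->exec("CREATE TABLE Photos (ID INTEGER PRIMARY KEY, Photos_ImagePath TEXT,
           Photos_Title TEXT, Photo_Category TEXT)");
$db->exec("INSERT INTO Photos_Category VALUES (17, 'Bridges'), (18, 'Trailheads')");
$db->exec("INSERT INTO Photos VALUES
           (1, 'img/b1.jpg', 'Stone bridge', 'Bridges'),
           (2, 'img/b2.jpg', 'Footbridge', 'Bridges'),
           (3, 'img/t1.jpg', 'North lot', 'Trailheads')");

// In thumbs.php the second argument would be $_GET. The three constructed
// requests are: a valid id, a missing id, and a non-integer value.
foreach ([['ID' => '17'], [], ['ID' => '17 OR 1=1']] as $query) {
    try {
        $rows = getThumbs($db, $query);
        echo count($rows), " thumbnail(s): ",
             implode(', ', array_column($rows, 'Photos_Title')), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```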



