Re: Record ID not being recognized

On Tue, May 9, 2006 2:15 pm, David Doonan wrote:
> But I can't help but feel that I'm missing something in the PHP
> syntax.
>
> <?php require_once('../Connections/connTrail.php'); ?>
> <?php
> mysql_select_db($database_connTrail, $connTrail);
> $query_GetThumbs = "SELECT Photos.Photos_ImagePath,
> Photos.Photos_Title, Photos.ID, Photos.Photo_Category,
> Photos_Category.Category_Name, Photos_Category.catID FROM Photos,
> Photos_Category
> WHERE Photos_Category.catID = '$recordcatID' AND
> Photos_Category.Category_Name = Photos.Photo_Category";

//this will explain why you get no records
echo $query_GetThumbs, "<hr />\n";

> $GetThumbs = mysql_query($query_GetThumbs, $connTrail) or die
> (mysql_error());

> Any ideas where I'm going wrong?

Dollars to donuts says you are reading an old tutorial from before the
default for "register_globals" changed from "on" to "off".

The correct solution is NOT to turn "register_globals" back "on" !!!

Use something like this at the top of your script:
<?php
  $_CLEAN['recordcatID'] = (int) $_GET['recordcatID'];
?>
.
.
.
Then do:
$query_GetThumbs = "... = $_CLEAN[recordcatID] ...";

Homework:
Read the http://php.net/ page about "register_globals"
Read this whole site: http://phpsec.org/

If you had already read these, you wouldn't be here.

If you haven't read these, you are writing horribly insecure code, and
you might as well put your web server out in the alley for somebody to
take -- You've already done that in a virtual sense.

-- 
Like Music?
http://l-i-e.com/artists.htm
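
The fix suggested in the message above, as an added example that is not part of the original message or written by its author: the ID is read explicitly from the request and validated as an integer, then bound as a query parameter. It swaps the thread's mysql_* calls for PDO and rejects a missing or non-numeric ID instead of casting it to 0; the function names, the in-memory SQLite database and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original thread. Table and column names follow
// the query quoted above; the rows and the in-memory SQLite database are
// constructed so the script runs offline (requires the pdo_sqlite extension).

// Read the ID explicitly from the request instead of relying on register_globals.
// Returns a positive int, or null if the parameter is missing or not an integer.
function cleanRecordCatId(array $get): ?int
{
    if (!isset($get['recordcatID']) || !is_scalar($get['recordcatID'])) {
        return null;
    }
    $id = filter_var($get['recordcatID'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Same join as the quoted query, with the category ID bound as a parameter.
function getThumbs(PDO $db, int $catId): array
{
    $stmt = $db->prepare(
        'SELECT Photos.Photos_ImagePath, Photos.Photos_Title, Photos.ID
           FROM Photos, Photos_Category
          WHERE Photos_Category.catID = :catID
            AND Photos_Category.Category_Name = Photos.Photo_Category'
    );
    $stmt->execute([':catID' => $catId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Photos_Category (catID INTEGER, Category_Name TEXT)');
$db->exec('CREATE TABLE Photos (ID INTEGER, Photos_Title TEXT, Photos_ImagePath TEXT, Photo_Category TEXT)');
$db->exec("INSERT INTO Photos_Category VALUES (1, 'Trails'), (2, 'Bridges')");
$db->exec("INSERT INTO Photos VALUES (10, 'Ridge', 'img/ridge.jpg', 'Trails'), (11, 'Span', 'img/span.jpg', 'Bridges')");

// Constructed request values: a valid ID, a missing ID, and a non-numeric ID.
foreach ([['recordcatID' => '1'], [], ['recordcatID' => "1' OR '1'='1"]] as $get) {
    $id = cleanRecordCatId($get);
    if ($id === null) {
        echo "rejected: ", json_encode($get), "\n";
        continue;
    }
    echo "catID $id: ", json_encode(getThumbs($db, $id)), "\n";
}
```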
