Re: move "if" logic from php into query

On Thursday, 2007-04-26 at 08:28, Thufir wrote:
> I couldn't get the page to load when the logic for line 31, "($id ==
> $_POST[recordID])", was in the query.   Can the logic for that be moved to the
> query?  I expect so.
> 
> I tried changing the where clause of the query, no go.

you SHOULD move it to the query, because if you need only that row, the
rest of the while loop is just a waste of cycles.
however, before putting it into the query, first verify
$_POST['recordID'] to avoid SQL injection. if it should be a number,
just typecast it to int like this:
$rec_id = (int) $_POST['recordID'];

and there are other problems with your handling of the query result. you
use extract, but have two columns named 'id'. this leads to confusion.
either select them with an alias provided or select only one of them.

thus the query should be something like:

$query =        "SELECT contacts.id AS c_id, px_items.id AS p_id, title,
notes FROM contacts, px_items WHERE contacts.id=px_items.id AND
contacts.id=$rec_id";
(or you can put px_items.id=$rec_id if that's the id you are looking
for)

greets
Zoltán Németh

> 
> 
> [thufir@localhost ~]$ 
> [thufir@localhost ~]$ cat /var/www/html/insertContacts.php -n
>      1  <html>
>      2  <head><title>insert contacts</title></head>
>      3  <body>
>      4  <?php
>      5
>      6
>      7          $user="feeds";
>      8          $host="localhost";
>      9          $password="password";
>     10          $database = "feeds";
>     11
>     12          $connection = mysql_connect($host,$user,$password)
>     13                  or die ("couldn't connect to server");
>     14          $db = mysql_select_db($database,$connection)
>     15                  or die ("Couldn't select database");
>     16
>     17          $query = "INSERT INTO contacts (id , notes) VALUES
> ('$_POST[recordID]' , '$_POST[contacts]')";
>     18          $result = mysql_query($query)
>     19                  or die ("Couldn't execute insert query.");
>     20
>     21          $query =        "SELECT contacts.id, px_items.id, title, notes
> FROM contacts, px_items WHERE 
>     22                          contacts.id=px_items.id";
>     23
>     24          $result = mysql_query($query)
>     25                  or die ("Couldn't execute second query.");
>     26
>     27          while ($row = mysql_fetch_array($result)) 
>     28          {
>     29                  extract ($row);
>     30
>     31                  if ($id == $_POST[recordID])
>     32                  {
>     33                          echo $id;
>     34                          echo "<br>";
>     35                          echo "$title";
>     36                          echo "<br><br>";
>     37                          echo $notes;
>     38                          echo "<br><br><br><br>";
>     39                          echo "<br><br><br><br>";
>     40
>     41                  }//if
>     42          }//while
>     43
>     44
>     45
>     46
>     47          echo "<br>";
>     48          echo "<a href=\"";
>     49          echo "http://localhost/contacts.php";;
>     50          echo "\">";
>     51          echo "http://localhost/contacts.php";;
>     52          echo "</a>";
>     53          echo "<br><br>";
>     54
>     55
>     56          echo "<br>";
>     57          echo "<a href=\"";
>     58          echo "http://localhost/items_notes.php";;
>     59          echo "\">";
>     60          echo "http://localhost/items_notes.php";;
>     61          echo "</a>";
>     62          echo "<br><br>";
>     63
>     64
>     65  ?>
>     66   </body> </html> 
> [thufir@localhost ~]$ 
> [thufir@localhost ~]$ date
> Thu Apr 26 09:24:31 BST 2007
> [thufir@localhost ~]$ 
> [thufir@localhost ~]$ 
> 
> 
> 
> thanks,
> 
> Thufir
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
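
Added example (not part of the original message or of the poster's script): the reply's advice applied to the quoted insertContacts.php with PDO prepared statements, so that the free-text notes value in the INSERT on line 17, which cannot be typecast to int, is bound as well. Assumptions: an in-memory SQLite database stands in for the MySQL "feeds" database, and the helper name showRecord and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL "feeds" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE px_items (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE contacts (id INTEGER, notes TEXT)');
$pdo->exec("INSERT INTO px_items (id, title) VALUES (1, 'first item'), (2, 'second item')");

// showRecord() is a hypothetical helper; $post plays the role of $_POST.
function showRecord(PDO $pdo, array $post): string
{
    // Validate rather than cast: (int) '2abc' quietly becomes 2, filter_var rejects it.
    $recId = filter_var($post['recordID'] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($recId === false) {
        return 'invalid record id';
    }
    $notes = is_string($post['contacts'] ?? null) ? $post['contacts'] : '';

    // Both values travel as bound parameters, so quotes in the notes cannot alter the SQL.
    $ins = $pdo->prepare('INSERT INTO contacts (id, notes) VALUES (:id, :notes)');
    $ins->execute([':id' => $recId, ':notes' => $notes]);

    // The row filter lives in the WHERE clause; the two id columns get aliases.
    $sel = $pdo->prepare(
        'SELECT contacts.id AS c_id, px_items.id AS p_id, title, notes
           FROM contacts, px_items
          WHERE contacts.id = px_items.id AND contacts.id = :id'
    );
    $sel->execute([':id' => $recId]);

    $html = '';
    foreach ($sel->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Named keys instead of extract(); escape stored text when it is printed.
        $html .= (int) $row['c_id'] . '<br>'
               . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '<br><br>'
               . htmlspecialchars($row['notes'], ENT_QUOTES, 'UTF-8') . '<br><br>';
    }
    return $html;
}

// Constructed inputs: a note containing a quote and markup, then a non-numeric id.
echo showRecord($pdo, ['recordID' => '2', 'contacts' => "called O'Neil <twice>"]), "\n";
echo showRecord($pdo, ['recordID' => '2abc', 'contacts' => 'x']), "\n";
```

With the mysql_* functions of the quoted script there is no parameter binding; mysqli and PDO both provide it against MySQL.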

