Couple things, read in-line...
Steve Marquez wrote:
Greetings,
The following code works in every way except one. The variable,
$linkspage, in the link, will not replace with information from the
database for some reason. No matter what else I put in $id_num,
$filename or whatever it replaces, but not $linkspage. The variable does
work above, in the query.
Does this make sense? I hope so.
Thanks for any help.
<?
I suggest using <?php instead of short tags... anyways...
include '../cms/cnx.php';
$linkspage = $_GET["linkspage"];
Holy cow, clean this variable before you use it in an SQL statement!!!
Use mysql_real_escape_string() if nothing else.
/* Performing SQL query */
$query = "SELECT * FROM cms_pages WHERE linkspage='$linkspage' ORDER BY
id_num DESC";
What are the names of all the columns in this table? Could one of them be called
'likespage' by chance?
$result = mysql_query($query) or die("Query failed");
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
extract ( $line );
Never, Never, Never run extract like this. Refer to the
?>
<a class="subnav" href="<?php print
"$filename?linkspage=$linkspage"; ?>">
<?
if ($filename = str_replace('.php','',$filename)) {
echo ''.$filename.'';
What is this for? Just use
echo $filename;
}
echo ' </a>';
}
Wait, just replace the entire previous code with this
Note: long tag instead of short :)
<?php
# ummm... your stuff here....
include '../cms/cnx.php';
# Note: your_cleaner_function() refers to a function that you built that cleans
# and validates the input. It is nothing that is built into PHP.
$linkspage = your_cleaner_function($_GET["linkspage"]);
/* Performing SQL query */ # nope, build query
# Please remember to escape your data!!!!!
$SQL = "SELECT *
        FROM cms_pages
        WHERE linkspage='".mysql_real_escape_string($linkspage)."'
        ORDER BY id_num DESC";
# Perform query has been moved here.
# Check to see if the query failed
if ( ( $result = mysql_query($SQL) ) !== false ) {
    # Loop through result set, I used *_fetch_assoc() instead of *_fetch_array
    # It is less typing! But then again, I guess my comments make up the
    # difference in the savings. :)
    while ( $line = mysql_fetch_assoc($result) ) {
        # echo each link; columns are read from $line because extract() is gone
        echo "<a href='{$line['filename']}?linkspage={$linkspage}' class='subnav' >" .
             str_replace('.php', '', $line['filename']) . "</a>";
    }
} else {
    # well duh...
    echo 'No results!';
}
?>
There is no need for a condition, because the way that you have it, if it fails,
then it doesn't print anything at all.
?>
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
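
Added example, not part of the original message or written by either poster: the two problems raised in the reply (request data placed in the SQL text, and extract() overwriting local variables) shown with a bound parameter and key-based row access. Assumptions: PDO with an in-memory SQLite database stands in for the thread's mysql_* calls and cnx.php, the rows are constructed, and the helper names open_demo_db(), fetch_links() and render_link() are hypothetical.

```php
<?php
// Added example, not from the thread. Table contents are constructed; only the
// names cms_pages, id_num, filename and linkspage come from the post.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Assumption: NOCASE stands in for MySQL's default case-insensitive collation.
    $db->exec("CREATE TABLE cms_pages (id_num INTEGER PRIMARY KEY,
               filename TEXT, linkspage TEXT COLLATE NOCASE)");
    $db->exec("INSERT INTO cms_pages VALUES (1, 'about.php', 'main'),
               (2, 'contact.php', 'main'), (3, 'roster.php', 'staff')");
    return $db;
}

// Bound parameter: the request value never becomes part of the SQL text.
function fetch_links(PDO $db, string $linkspage): array {
    $stmt = $db->prepare('SELECT id_num, filename, linkspage FROM cms_pages
                          WHERE linkspage = :lp ORDER BY id_num DESC');
    $stmt->execute([':lp' => $linkspage]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Read columns by key and escape for each output context (URL, then HTML).
function render_link(array $row, string $linkspage): string {
    $href  = $row['filename'] . '?linkspage=' . rawurlencode($linkspage);
    $label = str_replace('.php', '', $row['filename']);
    return '<a class="subnav" href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
         . '">' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

$db = open_demo_db();

// 1. A value containing a quote is compared as data; the query still parses.
var_dump(count(fetch_links($db, "main's")));

// 2. extract() replaces the caller's $linkspage with the row's stored column.
$linkspage = 'MAIN';                 // constructed request value
$rows = fetch_links($db, $linkspage);
extract($rows[0]);                   // what the loop in the original post did
var_dump($linkspage === 'MAIN');     // compares against the original request value

// 3. Without extract(), every link is built from its own row.
foreach (fetch_links($db, 'MAIN') as $row) {
    echo render_link($row, 'MAIN'), "\n";
}
```

Run it with the PHP command-line interpreter and the pdo_sqlite extension enabled.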