Paul Jinks wrote:
Hi all
I'm building a fairly basic php/mySql site but I'm running into
problems due to my total lack of experience. I have a database of
videos - each has a title, transcript, description and one or more
topics. So far I can search the database by topic (using a drop-down
menu), like this:
<?php
$result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
Hi - first up, make sure that you're passing clean input. It's worth
learning about security from the start. As you've mentioned below that
you're using PHP, you can do this by making sure $topic has been put
through mysql_real_escape_string() - it's not ideal, but it's better
than nothing[1].
while($row = mysql_fetch_array($result))
{
echo $row['title'];
echo "<br />";
}
?>
What you'd probably be better doing is having something like this:
printf("<a href='video_display.php?id=%s'>%s</a>", $row["id"],
$row["title"]);
And changing your query accordingly.
Obviously, you'd need video_display.php to accept GET input in the form
of id= as well.
Cheers,
Gary
[1] It's not a magic bullet in so far as it doesn't stop SQL injection.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
