Make sure to reply all...

Paul Jinks wrote:
> Thanks to everyone for replying, it's much appreciated. Thanks
> especially for the final piece of the puzzle, Shawn, I don't think I
> was going to find it on my own - the display I have in mind is a
> little different, but I think I can figure it out. Will check all this
> out and let you know how I get on.
>
> Paul
>
> On Wed, Nov 18, 2009 at 3:33 PM, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
>
>> Gary Smith wrote:
>>
>>> Paul Jinks wrote:
>>>
>>>> Hi all
>>>>
>>>> I'm building a fairly basic php/mySql site but I'm running into
>>>> problems due to my total lack of experience. I have a database of
>>>> videos - each has a title, transcript, description and one or more
>>>> topics. So far I can search the database by topic (using a drop-down
>>>> menu), like this:
>>>>
>>>> <?php
>>>> $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
>>>>
>>>>
>>> Hi - first up, make sure that you're passing clean input. It's worth
>>> learning about security from the start. As you've mentioned below that
>>> you're using PHP, you can do this by making sure $topic has been put
>>> through mysql_real_escape_string() - it's not ideal, but it's better
>>> than nothing[1].
>>>
>>>> while($row = mysql_fetch_array($result))
>>>> {
>>>>     echo $row['title'];
>>>>     echo "<br />";
>>>> }
>>>> ?>
>>>>
>>>>
>>> What you'd probably be better doing is having something like this:
>>>
>>> printf("<a href='video_display.php?id=%s'>%s</a>", $row["id"],
>>> $row["title"]);
>>>
>>> And changing your query accordingly.
>>>
>>> Obviously, you'd need video_display.php to accept GET input in the form
>>> of id= as well.
>>>
>> For the first piece Gary has it right, but your query needs to include
>> the id also.
>>
>> $result = mysql_query("SELECT id, title FROM videos WHERE topic1=
>> '$topic'");
>>
>> For the second piece, in video_display.php, you'd do something like this:
>>
>> $id = (int)$_GET['id'];
>> $result = mysql_query("SELECT * FROM videos WHERE id=$id LIMIT 1");
>>
>> if($result) {
>>     $row = mysql_fetch_array($result);
>>
>>     echo $row['title']."<br />";
>>     echo $row['description']."<br />";
>>     echo $row['title']."<br />";
>>     // etc...
>> } else {
>>     die("Invalid id");
>> }
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
>>
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
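
The two queries discussed in this thread, as an added example (not code from any poster): it binds parameters instead of interpolating or escaping `$topic`, HTML-encodes what it echoes, and checks the fetched row to detect a missing id. It assumes PDO is available and uses an in-memory SQLite table with constructed rows in place of the MySQL `videos` table so it runs offline; `h()`, `list_videos()` and `show_video()` are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes PDO; an in-memory SQLite
// database with constructed rows stands in for the MySQL `videos` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT,
           description TEXT, topic1 TEXT)");
$db->exec("INSERT INTO videos (title, description, topic1) VALUES
           ('Intro <1>', 'First video', 'php'),
           ('Joins', 'SQL joins', 'mysql')");

// HTML-encode anything that came from the database before echoing it.
function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// List page: $topic is bound as a parameter, never interpolated into the SQL.
function list_videos(PDO $db, $topic) {
    $stmt = $db->prepare('SELECT id, title FROM videos WHERE topic1 = ?');
    $stmt->execute(array($topic));
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= sprintf("<a href='video_display.php?id=%d'>%s</a><br />\n",
                         $row['id'], h($row['title']));
    }
    return $html;
}

// Detail page (video_display.php): returns null when no row matches the id.
function show_video(PDO $db, $rawId) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;                      // not an integer at all
    }
    $stmt = $db->prepare('SELECT title, description FROM videos WHERE id = ? LIMIT 1');
    $stmt->execute(array($id));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                      // query ran, but no such video
    }
    return h($row['title']) . "<br />" . h($row['description']) . "<br />\n";
}

echo list_videos($db, 'php');
echo list_videos($db, "x' OR '1'='1");   // the quotes are data here, not SQL
echo show_video($db, '1');
$page = show_video($db, '999');
echo $page === null ? "Invalid id\n" : $page;
```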