On Wed, Dec 15, 2010 at 17:21, Don Wieland <donw@xxxxxxxxxxxxxxxxxx> wrote:
> Hello,
>
> I originally had a line that built a static array:
>
> $instruments =
> array('Leader','Singer','Piano','Synth','A-Guitar','E-Guitar','Bass','Drums','Perc','Sax','Flute','Sound/AV','Pastor','Producer');
>
> Then I decided I wanted this dynamic and to pull it form the DB. So I
> thought this would bring back similar results:
>
> $queryi = "SELECT Instrument FROM Instruments WHERE `acct_id` =
> '".$_SESSION['ACCT']."' ORDER BY `id_Sort`";
> echo $queryi;
> $resultsi = mysql_query($queryi) or die("Error performing query");
> $instruments = mysql_fetch_array ($resultsi);
>
> Does not. What am i missing here? Thanks!
Some notes:
Try adding a mysql_error() call to your 'or die()' condition:
or die('Error performing query. MySQL said: '.mysql_error());
Change mysql_fetch_array() to mysql_fetch_assoc() and run it
through a while() loop to print things out and make sure it appears as
you expect:
while ($instruments = mysql_fetch_assoc($resultsi)) {
var_dump($instruments);
}
Always, ALWAYS sanitize input --- specifically anything that
exists or is manipulable via any part of the $_REQUEST family ($_GET,
$_POST, $_COOKIE, $_SESSION). For your code:
$queryi = "SELECT Instrument FROM Instruments WHERE `acct_id`
= '".mysql_real_escape_string($_SESSION['ACCT'])."' ORDER BY
`id_Sort`";
--
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
