Re: [PHP-WIN] Re: PHP Search DB Table


 



David wrote:
>
> Oliver Kennedy wrote:
> > ...
> > I have a very simple database consisting of 1 table, I want users here to
> > be able to use a search function to query the database in order to return
> > the information on a client by a specific ID number if it is in the
> > database.
> > ... 
> 
> Try
> 
> $query = "SELECT * FROM clients WHERE clientid = '$term'";
> echo $query . '<br />';
> $result = mysql_query($query);
> 
> And see what is actually in the query.
> 
> Cheers
> -- 
> David Robley

As David stated, output the query and copy it into the MySQL console to see if that gives you an error. You are talking about using an ID -number-; in that case, using single quotes around your $term variable is incorrect but won't cause an error on MySQL servers.

Especially because you are new to PHP, I would recommend doing some reading about making PHP secure; your code above has lots of possibilities for code injection and SQL injection:

* Escaping variables for use in MySQL queries [1]
* SQL Injection [2]
* PHP and security [3]

Best regards,

Sascha

[1] http://de.php.net/mysql_real_escape_string
[2] http://de.php.net/manual/en/security.database.sql-injection.php
[3] http://de.php.net/manual/en/security.php
-- 
Freundliche Grüße / Kind regards,

Sascha Meyer
--------------------------------------------------
EE:  http://www.experts-exchange.com/M_761556.html
ZCE: http://www.zend.com/en/yellow-pages#show-ClientCandidateID=ZEND011290

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
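
An added example, not part of either post: the string-built query quoted above beside a version that validates the ID and binds it as a parameter. It uses PDO prepared statements rather than the mysql_real_escape_string() function linked in [1], and an in-memory SQLite database stands in for the MySQL server so it runs offline; the `name` column, the sample rows and the function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the MySQL server (assumption) so the script runs without a database host;
// the prepare()/bindValue()/execute() calls are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. Table and key column follow the quoted query;
// the "name" column is hypothetical.
$pdo->exec('CREATE TABLE clients (clientid INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO clients VALUES (1, 'Alice'), (2, 'Bob'), (3, 'Carol')");

// Before: the search term becomes part of the SQL text, as in the quoted query.
function findClientUnsafe(PDO $pdo, string $term): array
{
    $query = "SELECT * FROM clients WHERE clientid = '$term'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// After: accept only a positive integer, then bind it as a typed parameter
// so the value can never change the structure of the statement.
function findClientSafe(PDO $pdo, string $term): array
{
    $id = filter_var($term, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // not an ID number: no query is sent at all
    }
    $stmt = $pdo->prepare('SELECT * FROM clients WHERE clientid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid ID, a term containing a quote, and a non-number.
foreach (['2', "2' OR '1'='1", 'abc'] as $term) {
    printf(
        "%-16s unsafe=%d row(s)  safe=%d row(s)\n",
        $term,
        count(findClientUnsafe($pdo, $term)),
        count(findClientSafe($pdo, $term))
    );
}
```

Comparing the two row counts per input shows where the concatenated query stops meaning "one client by ID", which is the same thing echoing `$query` would reveal.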


