Meanwhile, you should probably use prepared statements to avoid SQL injection. On Mon, 12 Jun 2023 at 16:03, e-letter <inpost@xxxxxxxxx> wrote: > First, sorry for the mistake to type a sanitised version of code. > Should have been: > "$query=$_GET['databasecolumn'];" > > After some rtfm, confused as a non-computer-programmer why it is > necessary to set the $_GET parameter. > > The overall simple scenario is to view a postgresql database in a > series of html web pages of more details of data ("drill down"?). > > php code within html file 1: > " > $databasequery=pg_query($databaseconnection,'SELECT > databasecolumn1, > databasecolumn2 FROM databasetable'); > if (!$databasequery) { > echo 'rubbish code'; > exit; > } > while > ($databasequery1=pg_fetch_assoc($databasequery)) { > echo '<p> > <span><a > href="localfile.php?databasecolumn1='.$databasequery1['databasecolumn1'].'">'.$databasequery1['databasecolumn1'].'</a></span>'; > echo ' <span>' > .$databasequery1['databasecolumn2'].'</span>'; > </p>'; > } > " > > The first html file shows successfully the a list of hyperlinks from > the database, for tuples in 'databasecolumn1'. The desired behaviour > is that the second html file shows another database query result for > each tuple in the first html file, i.e. more detail from the database > for each tuple in 'databasecolumn1'. > > > php code within html file 2: > " > $databasequery2=pg_query($databasequery1); > $databasequery3=pg_query("SELECT * FROM databasetable WHERE > databasecolumn1='{$databasequery2['databasecolumn']}'"); > echo $databasequery3 > " > > The html file 2 shows: > " > resource id#3 > " > > The expected result was to show all columns for the row constraint > (...WHERE ...) > > It seems that the use of a php variable within a postgresql query is > not understood. What relevant terminology to read next please? > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- *Thanks In Advance,* *Michael OKI* *CBSA* *Technologist* *+34663549276* *"Impossible Is Nothing"* *Scan and share QR codes on the mycodescanner <https://play.google.com/store/apps/details?id=com.inspirati.mycodescanner&hl=en_US&gl=US>app* BTA Certified Blockchain Solution Architect & IEEE member https://michaeloki.blogspot.com