variable syntax

Question

Bazzaah 0 Light Poster

13 Years Ago

Hey there

I'd appreciate some help with variables please.

I have a search function on a site I'm building and would like to have it so that a user can click on a search result to see more columns from that row on the db, if you see what I mean. The best way seems to be to open a new page on which to display more detail on the chosen search result.

I express it like this

echo '<a href="newpage.php?w=' . $row['value'] . '">' . $r['value'] . '</a>';

That part works fine.

The problem is this - when I click through to the new page, all rows on the db are shown i.e. the search is made, result x is returned, click on x and in newpage.php x y and z (i.e. all rows) are displayed.

How do I structure things so that only x (and any other columns from row x that I choose) are displayed?

I'm thinking that I should be able to limit what it displayed with the SELECT but can't seem to find the right syntax to finish it off properly. Currently I have this on newpage.php

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];  
	 
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){

echo '<center>' . $_GET['w'] . '</center> ';	
echo $row['word'] ;

}

I have defined the $_SESSION on search.php as

$_SESSION['word'] = $row['word']

Is that on the right lines?

I know a little PHP, enough to know where the problem is but not quite enough to solve the problem. I've not found an answer yet after hours of googling!

Any help/guidance/code would be really appreciated.

Thanks in advance.

mysql php

4 Contributors
14 Replies
107 Views
1 Week Discussion Span
Latest Post 13 Years Ago Latest Post by Bazzaah

cereal 1,524 Nearly a Senior Poster

13 Years Ago

This is wrong:

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];

this should work:

$query = "SELECT * FROM pro_words WHERE word = ".$_GET['w']; # or $_SESSION['word']

but remember to sanitize data.

Edited 13 Years Ago by cereal because: n/a

cereal 1,524 Nearly a Senior Poster

13 Years Ago

Try with backticks on word:

$query = "SELECT * FROM `pro_words` WHERE `word` = ".$_GET['w'];

Or just try to do a simple query, without $_GET, to see if that works.

Edited 13 Years Ago by cereal because: n/a

ddymacek 15 Posting Whiz

13 Years Ago

try to put ticks around your get variable as well as I assume word in your db is a string.

$variable = '';
$variable = $_GET['w'];
if ($variable != '') {
    $query = "SELECT * FROM `pro_words` WHERE `word` = '".$variable."';
} else {
  echo "NO VARIABLE PASSED IN";
}
// just an example of at least checking for the value of what $_GET['w'] is before executing a query with it.

sv3tli0 0 Junior Poster in Training

13 Years Ago

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];

This SESSION perhaps is the problem.

Edited 13 Years Ago by sv3tli0 because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Bazzaah 0 Light Poster · Answer 1 · 2011-08-24T23:39:27+00:00

Thanks for that.

I get an SQL syntax error around WHERE - any idea what might cause that?

Bazzaah 0 Light Poster · Answer 2 · 2011-08-25T01:20:31+00:00

There's something wrong with the $_GET since it won't echo (and it does on an earlier iteration) - I'll try and get that sorted and hopefully that will sort it out.

Thanks in the meantime.

Bazzaah 0 Light Poster · Answer 3 · 2011-08-31T02:38:48+00:00

Ironed out the problem with $_GET that produced the SQL error (my mistake with a misnamed variable).

The original solution now produces this error

Unknown column 'example' in 'where clause'

Any tips on ironing this out? Doesn't seem as if it should be too far off now?

Thanks in advance for any help.

Bazzaah 0 Light Poster · Answer 4 · 2011-08-31T02:52:02+00:00

Thanks for the reply.

Sorry, should have made it clearer that the code I am using is now this - the $query you reference would be incorrect.

$query = "SELECT * FROM pro_words WHERE word = " . $_GET['w'];
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){

echo $row['word'];
echo "<br />";

}

ddymacek 15 Posting Whiz · Answer 5 · 2011-08-31T02:56:51+00:00

that was my next question...
ok, I'm not sure where 'example' is coming from, but I think you need to use 'ticks'
why type of column is 'word' in your database, it is a string, no?
so

$query = "SELECT * FROM pro_words WHERE word = '" . $_GET['w']."';  // add ticks
//the query syntax is expecting a string you have no string defined in your syntax above.

Bazzaah 0 Light Poster · Answer 6 · 2011-08-31T03:19:20+00:00

Thanks - I'll try that. 'example' above is just a row on the db.

The column is called word because that column contains a word in a dictionary.

(Yes, it would be a string as entries in column 'word' would all be literal constants).

Bazzaah 0 Light Poster · Answer 7 · 2011-09-01T02:06:14+00:00

ddymacek - thanks a lot, really appreciate your help!

This sorted it (your code but there was a missing double quotes).

$query = "SELECT * FROM pro_words WHERE word ='".$_GET['w']."'";

Thanks again - this has been bugging me for a while.

ddymacek 15 Posting Whiz · Answer 8 · 2011-09-01T02:13:03+00:00

Please close the thread if you are satisfied with the answer.
Thanks.

Bazzaah 0 Light Poster · Answer 9 · 2011-09-01T02:14:16+00:00

Bazzaah 0 Light Poster

13 Years Ago

how do I do that?

Bazzaah 0 Light Poster · Answer 10 · 2011-09-01T02:16:34+00:00

don't worry - silly question.

Thanks again!