Hello,
When I run this query then i am getting
SELECT * FROM upload where cas_no='\'104-55-2\''
Why I get backslash in my query ? Otherwise query is ok. and URL value is exact value. www.abc.com/upload_reportt.php?cas_no='104-55-2'.... so what happen with my sql query?
<?php
session_start();
include(functions.php);
?>
<body bgcolor="#F5F5DC">
<a href="logout.php"><h3 align="right">Logout</h3> </a>
<center>
<table width="600" border="1" frame="box" bgcolor="#CCC">
<tr>
<th>CAS No</th>
<th>Title</th>
<th>file name</th>
</tr>
<?php
$where="";
if(!empty($_GET['cas_no'])){
echo $c_no=$_GET['cas_no'];
$where="where cas_no='$c_no' ";
}
db_connect();
echo $qry="SELECT * FROM upload $where";
$result=mysql_query($qry);
while($row=mysql_fetch_array($result))
{
echo"<tr>
<td>".$row['cas_no']."</td>
<td>".$row['title']."</td>
<td><a href='/".$row['file_name']."' target='new'>".$row['file_name']."</a></td></tr>";
}
mysql_close($db);
?>
</table>
</center>
</body>
</html>