Mysql_escape_string

[techker]

hey guys is it possible to do this?

 

like(cause i can't explain the srting if it is the real name..lol)

 

link :http://site.ca/admin/GymGraph/grapht.php?id=4,trainer=mike

 

 

$trainer= mysql_escape_string($_GET['trainer']); 
$id = mysql_escape_string($_GET['id']); 

$sql = "SELECT *  
FROM `$trainer`  
WHERE `id`= $id"  
; 
$res= mysql_query($sql); 
$row= mysql_fetch_assoc($res);?>  

 

i changed it to

 

mysql_real_escape_string  and still nothing.

 

it is as soon as i pass 2 infor in the link it does not work..

 

 

[waynew]

link :http://site.ca/admin/GymGraph/grapht.php?id=4&trainer=mike

 

 

[rhodesa]

yeah, & not ,

[waynew]

$trainer= mysql_real_escape_string($_GET['trainer']); 
$id = mysql_real_escape_string($_GET['id']); 

$sql = "SELECT *  
FROM `$trainer`  
WHERE `id`= $id"  
; 
$res= mysql_query($sql); 
$row= mysql_fetch_assoc($res);?>  

[techker]

so with & works if i remove the space..

this is my link to the file

<a href="grapht.php?trainer=<? echo $row['trainer']?>&id=<? echo $row['id'] ?>" target="_blank">

 

in the browser it gives

 

http://site.ca/admin/GymGraph/grapht.php?trainer=mike%20&id=4

 

the %20

[techker]

szo i just inverted the id with training and it works fine now!lol

 

thx for the quick reply!i can always count on this forum!!