faleira Posted August 24, 2006 Share Posted August 24, 2006 Hey, I just started coding in php recently and I'm trying to make it so that my Mysql_Query function will be different depending on a $_GET variable, but because php variables aren't recognised in the middle of an sql query, I can't seem to figure out how to do it. I've tried looking around about this, but pretty much every article about that function i find, doesn't really seem to touch on this matter.basically, what i'm trying to do is perform the sql query:[code]Select * From (table) WHERE id=$_GET['value'][/code]I can't seem to find a way around this problem. Could anyone tell me any method i could use so that i may do that? Quote Link to comment Share on other sites More sharing options...
.josh Posted August 24, 2006 Share Posted August 24, 2006 you can put php variables in the middle of the query. your problem is probably with your quotes. but you shouldn't put a get variable directly into a query anyways. big security hole. you can do something like this:[code]$id = mysql_real_escape_string($_GET['id']);$query = "select * from table where id = '$id'";$result = mysql_query($query);[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.