Jump to content

Recommended Posts

I can hit the DB no problem.... However the code below is returning blank... is there a new Query for 5?

~~~~~~~~~~~~~~

 

<?php $result = mysql_query("SELECT * FROM $table WHERE item_number = '$item_number' ");

while($row = mysql_fetch_array($result))

  {

  echo $row['item_number'];

  }

?>

 

 

from a Form feeding the page...

 

<FORM NAME="ViewItem" METHOD=POST ACTION="submit_view_item.php">

    <div align="center">

      <table width="275" border="0" align="center" bgcolor="#FFFFFF">

        <tr>

          <td><div align="center" class="SubHeader">To VIEW Item Data <br>

            Select Item Number from List

            </div>       

        <label></label></td>

      </tr>

        <tr>

          <td><div align="center">

         

<?php

$query = "SELECT * FROM $table ORDER BY item_number";

$result = mysql_query($query) or die(mysql_error());

echo "<SELECT NAME=\"item_number\">\n";

while ($row = mysql_fetch_assoc($result)) {

echo "<OPTION VALUE=\"$row[item_number]\">$row[item_number]</option>\n";

}

echo "</SELECT>\n";

?>       

         

 

          <input type = "Submit" name = "Submit2" value = "Look-Up" />

          </div></td>

      </tr>

        <tr>

          <td height="26"><div align="center"></div></td>

      </tr>

        </table>

    </div>

  </FORM>

Starting from PHP5 register_globals setting is disabled by default. You should use $_POST and $_GET arrays instead.

 

<?php 

$item_number = mysql_real_escape_string($_POST['item_number']);
$result = mysql_query("SELECT * FROM $table WHERE item_number = '$item_number' ");
while($row = mysql_fetch_array($result))
  {
  echo    $row['item_number'];
  }
?>

Fixed it ... Thanks so much...

 

I need to probably re-write this entire thing... but once

 

<?php

$item_number = mysql_real_escape_string($_POST['item_number']);

$result = mysql_query("SELECT * FROM $table WHERE item_number = '$item_number' ");

while($row = mysql_fetch_array($result)) 

echo    $row['item_number']; 

}

?>

 

The rest of the page filled in nicely

I was able to get all the reads fixed by just enabling the registar_globals. And I am able to Create new records, but this does not update for some reason

 

<?php

mysql_query("UPDATE $table SET replacement_item = '$replacement_item' WHERE item_number = '$item_number'");

 

?>

 

Do i need to use

$item_number = mysql_real_escape_string($_POST['item_number']);

in this file also?...

 

Sorry about the newb questions. I have very little mileage on this...

 

If you have register_globals enabled, you shouldn't need this (although using $item_number = mysql_real_escape_string($item_number) would still be a good idea due to security concerns).

 

Read more here about register_globals, and why it has been disabled:

http://php.net/manual/en/security.globals.php

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.