Doesn´t return value of variable??

Fenhopi · May 3, 2010

I have this code:

<body>
<?php
// load config file
include("dbconfig.php");

$result = mysql_query("SELECT * FROM news WHERE newsid='$newsid' ",$connect); 
while($myrow = mysql_fetch_assoc($result)) 
{
echo "Title: <h1>";
echo $myrow['title'];
echo "</h1><br><br> Teaser: ";
echo $myrow['text1'];
echo "<br><hr>";
echo "On: <i>";
echo $myrow['dtime'];
echo "</i><hr align=left width=160><br><br>";


}

?>

This is the code that is executed when I hit read more on my news feed. But when it select for example newsid=5 it returns with a blank page.

Please help.


</body>
</html>

trq · May 3, 2010

Where is $newsid defined?

premiso · May 3, 2010

It seems like you are used to working with PHP and register_globals being turned on. This has been off by default in PHP 4.x versions + due to the security vulnerabilities it creates.

Try something like this and see if it works:

<?php
// load config file
include("dbconfig.php");

$newsid = isset($_GET['newsid'])?(int) $_GET['newsid']:0;

$result = mysql_query("SELECT * FROM news WHERE newsid='$newsid' ",$connect); 
while($myrow = mysql_fetch_assoc($result))

Basically it checks if newsid was passed in. If it was it converts it to an INT to avoid a possible sql injection. If not it passes 0, you can do error checks etc here if you would like, but should give you a basic structure.

The ? : are the ternary operator which acts as a shortened else / if incase you were wondering.

Fenhopi · May 3, 2010

Alright, thanks guys. I was working with a tutorial from 2004, so yeah.

Sign In

Doesn´t return value of variable??

Recommended Posts

Fenhopi

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

Fenhopi

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information