smproph Posted December 4, 2010 Share Posted December 4, 2010 The problem lies in this line $sql2="SELECT picture, email, participant_name FROM $tbl_name WHERE team_no='$team'"; I copied the rest of my code below so you can see the rest of my code. Any help would be great. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-19722573-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <meta content="yes" name="apple-mobile-web-app-capable" /> <meta content="index,follow" name="robots" /> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <link href="../pics/homescreen.gif" rel="apple-touch-icon" /> <meta content="minimum-scale=1.0, width=device-width, maximum-scale=0.6667, user-scalable=no" name="viewport" /> <!--[if IE]> <link rel="stylesheet" type="text/css" href="../css/styleIE.css" /> <![endif]--> <link href="../css/style.css" rel="stylesheet" media="screen" type="text/css" /> <script src="../javascript/functions.js" type="text/javascript"></script> <title>SNU Intramurals</title> <LINK REL="SHORTCUT ICON" HREF="images/favicon.ico"> </head> <body> <div id="outer"> <div id="topbar"> <div id="title"> SNU Intramurals</div> <div id="rightbutton"> <a href="../index.php">Home</a> </div> <div id="leftnav"> <a href="../gender.html">Back</a> </div> </div> <div id="content"> <ul class="pageitem"> <li class="textbox3"><span class="header3">Teams</span></li> <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*******"; // Mysql password $db_name="********"; // Database name $tbl_name="participants"; // Table Name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Retrieve data from database $sql="SELECT DISTINCT team_no FROM $tbl_name"; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ $team=$rows['team_no']; ?> <li class="menu"> <a href="#"; onclick = " if(document.getElementById('<?=$team?>').style.display=='inline') {document.getElementById('<?=$team?>').style.display='none';} else if (document.getElementById('<?=$team?>').style.display='none') {document.getElementById('<?=$team?>').style.display='inline';}" > <span class="name"> <table> <tr><td><?=$team?></td></tr> </table> </span> </a> </li> <? [b]$sql2="SELECT picture, email, participant_name FROM $tbl_name WHERE team_no='$team'";[/b] $result2=mysql_query($sql2); $team2=$team; ?> <li class="textbox"><span class="name"> <table id="<?=$team?>" style="display:none;"> <? $num=1; while(($rows2=mysql_fetch_array($result2)) && ($num >= 1)){ $picture=$rows2['picture']; $email=$rows2['email']; $name=$rows2['participant_name']; if ($num == 1) { echo "<tr>"; } else if ($num == 4) { echo "</tr>"; $num = 1; } ?> <? echo "<td align='center'>"; echo "$name"; echo"<br \>"; if ($picture==T) { echo '<SCRIPT LANGUAGE="javascript"> var url; var email = "' . $email . '"; function emailsplit () { var userid = email.split("@"); var url = userid[0]; var imgid = "http://my.snu.edu/images/idpictures/" + url + "-S.jpg"; return imgid; } </SCRIPT>'; echo "<SCRIPT LANGUAGE='javascript'>document.write ('<img src=\"' + emailsplit() + '\" width=\"64\" height=\"64\" alt=\"Picture ID\" style=\"-webkit-border-radius: 8px; -moz-border-radius: 1em;\" />'); </SCRIPT>"; } else { echo "<SCRIPT LANGUAGE='javascript'>document.write ('<img src=\"http://dangerouslycareful.com/images/noimage.jpg\" width=\"64\" height=\"64\" alt=\"Picture ID\" />'); </SCRIPT>"; }; echo"<br \>"; echo"</td>"; $num++; ?> <? // close while loop } ?> </table> </span></li> <? } // close connection mysql_close(); ?> </ul> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/220670-what-is-wrong-with-this-mysql-statement/ Share on other sites More sharing options...
smproph Posted December 4, 2010 Author Share Posted December 4, 2010 I figured it out. My value was Men's 1. MYSQL does not like " ' " apparently. Just had to mysql_real_escape_string($team); and it works great now. Quote Link to comment https://forums.phpfreaks.com/topic/220670-what-is-wrong-with-this-mysql-statement/#findComment-1142988 Share on other sites More sharing options...
Pikachu2000 Posted December 4, 2010 Share Posted December 4, 2010 You should be sanitizing ALL form data before using it in a database query anyhow. Not doing so is like begging people to hack your site. Quote Link to comment https://forums.phpfreaks.com/topic/220670-what-is-wrong-with-this-mysql-statement/#findComment-1143017 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.