smproph Posted December 4, 2010 Share Posted December 4, 2010 The problem lies in this line $sql2="SELECT picture, email, participant_name FROM $tbl_name WHERE team_no='$team'"; I copied the rest of my code below so you can see the rest of my code. Any help would be great. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-19722573-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <meta content="yes" name="apple-mobile-web-app-capable" /> <meta content="index,follow" name="robots" /> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <link href="../pics/homescreen.gif" rel="apple-touch-icon" /> <meta content="minimum-scale=1.0, width=device-width, maximum-scale=0.6667, user-scalable=no" name="viewport" /> <!--[if IE]> <link rel="stylesheet" type="text/css" href="../css/styleIE.css" /> <![endif]--> <link href="../css/style.css" rel="stylesheet" media="screen" type="text/css" /> <script src="../javascript/functions.js" type="text/javascript"></script> <title>SNU Intramurals</title> <LINK REL="SHORTCUT ICON" HREF="images/favicon.ico"> </head> <body> <div id="outer"> <div id="topbar"> <div id="title"> SNU Intramurals</div> <div id="rightbutton"> <a href="../index.php">Home</a> </div> <div id="leftnav"> <a href="../gender.html">Back</a> </div> </div> <div id="content"> <ul class="pageitem"> <li class="textbox3"><span class="header3">Teams</span></li> <?php $host="localhost"; // Host name $username="*****"; // Mysql username $password="*******"; // Mysql password $db_name="********"; // Database name $tbl_name="participants"; // Table Name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Retrieve data from database $sql="SELECT DISTINCT team_no FROM $tbl_name"; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ $team=$rows['team_no']; ?> <li class="menu"> <a href="#"; onclick = " if(document.getElementById('<?=$team?>').style.display=='inline') {document.getElementById('<?=$team?>').style.display='none';} else if (document.getElementById('<?=$team?>').style.display='none') {document.getElementById('<?=$team?>').style.display='inline';}" > <span class="name"> <table> <tr><td><?=$team?></td></tr> </table> </span> </a> </li> <? [b]$sql2="SELECT picture, email, participant_name FROM $tbl_name WHERE team_no='$team'";[/b] $result2=mysql_query($sql2); $team2=$team; ?> <li class="textbox"><span class="name"> <table id="<?=$team?>" style="display:none;"> <? $num=1; while(($rows2=mysql_fetch_array($result2)) && ($num >= 1)){ $picture=$rows2['picture']; $email=$rows2['email']; $name=$rows2['participant_name']; if ($num == 1) { echo "<tr>"; } else if ($num == 4) { echo "</tr>"; $num = 1; } ?> <? echo "<td align='center'>"; echo "$name"; echo"<br \>"; if ($picture==T) { echo '<SCRIPT LANGUAGE="javascript"> var url; var email = "' . $email . '"; function emailsplit () { var userid = email.split("@"); var url = userid[0]; var imgid = "http://my.snu.edu/images/idpictures/" + url + "-S.jpg"; return imgid; } </SCRIPT>'; echo "<SCRIPT LANGUAGE='javascript'>document.write ('<img src=\"' + emailsplit() + '\" width=\"64\" height=\"64\" alt=\"Picture ID\" style=\"-webkit-border-radius: 8px; -moz-border-radius: 1em;\" />'); </SCRIPT>"; } else { echo "<SCRIPT LANGUAGE='javascript'>document.write ('<img src=\"http://dangerouslycareful.com/images/noimage.jpg\" width=\"64\" height=\"64\" alt=\"Picture ID\" />'); </SCRIPT>"; }; echo"<br \>"; echo"</td>"; $num++; ?> <? // close while loop } ?> </table> </span></li> <? } // close connection mysql_close(); ?> </ul> </body> </html> Link to comment https://forums.phpfreaks.com/topic/220670-what-is-wrong-with-this-mysql-statement/ Share on other sites More sharing options...
smproph Posted December 4, 2010 Author Share Posted December 4, 2010 I figured it out. My value was Men's 1. MYSQL does not like " ' " apparently. Just had to mysql_real_escape_string($team); and it works great now. Link to comment https://forums.phpfreaks.com/topic/220670-what-is-wrong-with-this-mysql-statement/#findComment-1142988 Share on other sites More sharing options...
Pikachu2000 Posted December 4, 2010 Share Posted December 4, 2010 You should be sanitizing ALL form data before using it in a database query anyhow. Not doing so is like begging people to hack your site. Link to comment https://forums.phpfreaks.com/topic/220670-what-is-wrong-with-this-mysql-statement/#findComment-1143017 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.