Jump to content

Archived

This topic is now archived and is closed to further replies.

Mutley

URL Variables only work as numbers?

Recommended Posts

I did this:
[code]?user=1[/code]
...and it works but if I change my database entry to a word like "test" instead of "1", it doesn't work and just displays this:

[code]Unknown column 'test' in 'where clause'[/code]

Any ideas why?

Share this post


Link to post
Share on other sites
[code]$userid = $_GET['user'];
if($userid) {
$sql  = "SELECT * ";
$sql .= "FROM style ";
$sql .= "WHERE user_id=".$userid." ";

$result = mysql_query($sql) or die (mysql_error());

if(mysql_num_rows($result) == 1) {

$row = mysql_fetch_array($result);
[/code]

Share this post


Link to post
Share on other sites
[code=php:0]
$userid = $_GET['user'];
if($userid) {
$sql  = "SELECT * ";
$sql .= "FROM style ";
$sql .= "WHERE user_id = '$userid' ";

$result = mysql_query($sql) or die (mysql_error());

if(mysql_num_rows($result) == 1) {

$row = mysql_fetch_array($result);
            }
[/code]

What happens now?

Share this post


Link to post
Share on other sites
if i were u i would re-write this as this.
[code]
$userid = $_GET['user'];
if($userid) {
$sql  = "SELECT * FROM `style` WHERE `user_id`='".$userid."'"; //Put all this in one line and add the ` and the '

$result = mysql_query($sql) or die (mysql_error());

if(mysql_num_rows($result) == 1) {

$row = mysql_fetch_array($result);
[/code]

try it. c if it works

Share this post


Link to post
Share on other sites
Even better: [code]if(!empty($_GET['user']))
{
$result = mysql_query("SELECT * FROM style WHERE user_id='{$_GET['user']}'") or die (mysql_error());
if(mysql_num_rows($result) == 1)
{
$row = mysql_fetch_array($result);[/code]

Share this post


Link to post
Share on other sites
yes but some ppl dont like putting the query straight into mysql_query. i used to do it. ur way is just neater, well its my way as well. but i use OOP so mine would be $DB->query

Share this post


Link to post
Share on other sites
I don't see the point in first making a variable with the query and then pass the variable to the query function except if you are going to use the query variable more times (like a debug page or something).

Share this post


Link to post
Share on other sites
Even better II.
[code=php:0]
if(preg_match("/^[0-9]+$/", $_GET['user']))
{
$user_id = $_GET['user'];
     
            $sql = "SELECT * FROM style WHERE user_id='{$user_id}'";
$result = mysql_query($sql) or die (mysql_error());
if(mysql_num_rows($result))
{
$row = mysql_fetch_array($result);
[/code]

Share this post


Link to post
Share on other sites
Instead of [code]if(preg_match("/^[0-9]+$/", $_GET['user']))[/code] you could just use [code]if(is_numeric($_GET['user']))[/code]

Share this post


Link to post
Share on other sites
Why is it better? I'm not ace at PHP so can't just see how it is better. THanks alot though. :)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.