Blaze97 Posted April 28, 2011

Right, so here is all the background information you'll need to know: I'm working on a PHP/MySQL blog. The index.php page works fine and displays the posts fine. On each post there is a link to the article on its own separate page, so the PHP generates a URL like so: http://www.mywebsite.com/news.php?articleid=HEREISTHEIDNUMBER

This part all works fine; however, the news.php page will not work. I keep getting error messages like "Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/tserv1/public_html/news.php on line 3"

Can anyone rewrite this page to work for me please? If you can, please keep it in the table I have already provided. Thanks

<?php
include("config/config.php");
$data = mysql_query("SELECT * FROM blog WHERE articleid = $_GET["articleid"] ORDER by date_posted ASC") or die(mysql_error());
while($row = mysql_fetch_array($data))
{
echo "<table class='main'> <tr> <td> <a href='/news.php?articleid=" . $row['articleid'] . "' class='article_title'>" . $row['title'] . "</a> <p>" . $row['introduction'] . "</p></td><tr><td ALIGN='RIGHT' class='small'> Posted by:" . $row['author'] . ", on " . $row['date'] . ",</td></tr></table>";
}
?>

Skewled Posted April 28, 2011

$data = mysql_query("SELECT * FROM blog WHERE articleid = '" . $_GET["articleid"] . "' ORDER by date_posted ASC")

Pikachu2000 Posted April 28, 2011

You should also be aware that you have nothing in place to prevent a malicious user from executing a SQL injection attack. That should be addressed before you put any of this code on a live server.

$data = mysql_query("SELECT * FROM blog WHERE articleid = {$_GET['articleid']} ORDER by date_posted ASC")

Blaze97 Posted April 28, 2011

Thanks, I'm just testing that now. Thanks guys. But what is a SQL injection attack? I have been programming PHP for only 3 days now and it's all new to me.

Skewled Posted April 28, 2011

Look up mysql_real_escape_string in the PHP manual, along with trim().
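
An added example, not part of any post in this thread: it runs the thread's articleid lookup once with the request value concatenated into the SQL text and once with integer validation plus a bound parameter. It assumes PDO with an in-memory SQLite database standing in for the MySQL blog table; the rows and the function names fetchConcatenated and fetchPrepared are constructed for illustration.

```php
<?php
// Added example: constructed data and hypothetical function names.
// In-memory SQLite via PDO stands in for the thread's MySQL "blog" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blog (articleid INTEGER PRIMARY KEY, title TEXT, date_posted TEXT)");
$db->exec("INSERT INTO blog VALUES (1, 'First post', '2011-04-27')");
$db->exec("INSERT INTO blog VALUES (2, 'Unpublished draft', '2011-04-28')");

// Same pattern as the thread's query: the request value becomes part of the SQL text,
// so whatever the client sends is parsed as SQL.
function fetchConcatenated(PDO $db, string $articleid): array
{
    $sql = "SELECT * FROM blog WHERE articleid = $articleid ORDER BY date_posted ASC";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a parameter
// so the value can never change the structure of the statement.
function fetchPrepared(PDO $db, string $articleid): array
{
    $id = filter_var($articleid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // not an article id: treat as "no such article"
    }
    $stmt = $db->prepare("SELECT * FROM blog WHERE articleid = :id ORDER BY date_posted ASC");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: a normal id, and one that carries extra SQL.
foreach (['1', '1 OR 1=1'] as $articleid) {
    printf(
        "articleid=%-10s concatenated: %d row(s)  prepared: %d row(s)\n",
        var_export($articleid, true),
        count(fetchConcatenated($db, $articleid)),
        count(fetchPrepared($db, $articleid))
    );
}
```

Escaping alone does not protect a value that is interpolated without quotes, as in the `{$_GET['articleid']}` form above, because the second constructed input contains no character that escaping would change. Validating the id as an integer or binding it as a parameter closes that gap.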