idgeit Posted March 19, 2007
Hey all, can anyone tell me what I'm doing wrong here?

    $query = "SELECT products.product_dis, products.product_title, products.product_dis, products.product_id, products.product_price, products.product_pic FROM products WHERE products.product_cat = ".$_GET['id'];

In products.product_dis would be, say, "tools", and I want to use $_GET to take this from the URL, so /catview.php?id=tools
Any help would be great!
~ Idgeit
https://forums.phpfreaks.com/topic/43338-mysql-query-with-_get/
wildteen88 Posted March 19, 2007
What does products.product_cat hold? You are using that column in your WHERE clause. Do you mean products.product_dis instead? Also make sure you validate what is coming from $_GET['id']. A malicious user could do SQL injection attacks. Never use raw user input ($_POST, $_GET etc.) in SQL queries.
monk.e.boy Posted March 19, 2007
http://www.webmaster-talk.com/php-forum/58129-sql-injection-problem-php-mysql-websites.html#post271952
monk.e.boy
wildteen88 Posted March 19, 2007
Why put the link in a code box, monkey? Code boxes are for code, not links.
idgeit Posted March 19, 2007 (Author)
products.product_cat holds a keyword, say "tools" or "tape".
wildteen88 Posted March 19, 2007
So what's wrong with your query? Earlier you were talking about products.product_dis.
idgeit Posted March 19, 2007 (Author)
Sorry, I'll edit that! Basically, products.product_cat holds a keyword. If I use a number it seems to work, but when I use a word it doesn't.
wildteen88 Posted March 19, 2007
Are you sure products.product_cat holds a keyword? Could you post your table schema for the products table here? If product_cat holds a keyword then it should work. Make sure the keywords you use in the URL and the product_cat column are in the same case. Database matches are not case-insensitive. Type your keywords in lowercase to be on the safe side.
per1os Posted March 19, 2007

    // A non-numeric keyword must be quoted in the SQL, otherwise MySQL reads
    // "tools" as a column name. A numeric id is left unquoted.
    if (isset($_GET['id']) && !is_numeric($_GET['id'])) {
        $catID = "'" . mysql_real_escape_string($_GET['id']) . "'"; // put string in single quotes
    } else {
        $catID = mysql_real_escape_string($_GET['id']);
    }
    $query = "SELECT products.product_dis, products.product_title, products.product_dis, products.product_id, products.product_price, products.product_pic FROM products WHERE products.product_cat = " . $catID;

Maybe that will work?
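The thread's fix still builds the SQL string by hand, so quoting and escaping have to be right every time. The version below, added here as an example and not code from the thread, does the same catview.php lookup with a PDO prepared statement: the category from $_GET['id'] is bound as a parameter, so a keyword like "tools" needs no manual quoting and a value containing a stray quote cannot change the statement. The table and column names come from the thread; the sample rows and the in-memory SQLite database are constructed here so the script runs offline.

```php
<?php
// Added example (not from the thread): parameterised category lookup with PDO.
// Assumptions: the products table/columns as named in the thread; sample rows and
// the in-memory SQLite database are constructed here so this runs stand-alone.
// For MySQL, swap the DSN for e.g. 'mysql:host=localhost;dbname=shop' plus a
// user/password; the prepare/execute calls are identical.

function openDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $pdo->exec('CREATE TABLE products (
        product_id    INTEGER PRIMARY KEY,
        product_cat   TEXT NOT NULL,
        product_title TEXT NOT NULL,
        product_dis   TEXT NOT NULL,
        product_price REAL NOT NULL,
        product_pic   TEXT NOT NULL
    )');

    // Constructed sample rows (hypothetical products).
    $insert = $pdo->prepare(
        'INSERT INTO products (product_cat, product_title, product_dis, product_price, product_pic)
         VALUES (?, ?, ?, ?, ?)'
    );
    foreach ([
        ['tools', 'Claw hammer',  'Steel claw hammer',      9.99, 'hammer.jpg'],
        ['tools', 'Tape measure', '5 m tape measure',       4.50, 'tape.jpg'],
        ['tape',  'Duct tape',    'Silver duct tape, 50 m', 3.25, 'duct.jpg'],
    ] as $row) {
        $insert->execute($row);
    }
    return $pdo;
}

/**
 * Products in one category. $category comes straight from the request and is
 * bound as a parameter; it never becomes part of the SQL text, so the driver
 * handles quoting and the value is compared literally against product_cat.
 */
function productsInCategory(PDO $pdo, string $category): array
{
    $stmt = $pdo->prepare(
        'SELECT product_id, product_title, product_dis, product_price, product_pic
           FROM products
          WHERE product_cat = :cat'
    );
    $stmt->execute([':cat' => $category]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDatabase();

// Normal request, as in /catview.php?id=tools. The default is only so the
// script can be run from the command line.
$id = $_GET['id'] ?? 'tools';
$rows = productsInCategory($pdo, $id);
printf("%d product(s) in category \"%s\"\n", count($rows), $id);
foreach ($rows as $row) {
    printf("  #%d %s (%s) %.2f\n",
        $row['product_id'], $row['product_title'], $row['product_dis'], $row['product_price']);
}

// A value with an unbalanced quote would have produced a syntax error (or
// worse) in the concatenated query above; here it is just a string that
// matches no category, so the query runs and returns no rows.
$rows = productsInCategory($pdo, "tools'");
printf("%d product(s) for the value with a stray quote\n", count($rows));
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that binding is done by the server rather than by the client escaping values into the SQL string. Validating that `$_GET['id']` is present and within the expected set of keywords, as wildteen88 suggests, is still worthwhile for giving the user a sensible error, but the prepared statement is what removes the injection risk.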
idgeit Posted March 19, 2007 (Author)
Hey, it's working! Thanks for all the help!
~ idgeit
Archived
This topic is now archived and is closed to further replies.