virtuexru Posted March 28, 2007 Share Posted March 28, 2007 OK. So I have a link with an ?id=$username field on the first page that works fine... Here's the code on the next page to try and get it to work but I get an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Here's the code: include('config/config.php'); include('config/connect.php'); $display = "SELECT displayname, joindate, posts FROM userlist WHERE displayname = $id"; $result = mysql_query($display) or die(mysql_error()); $userinfo = mysql_fetch_array($result); Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/ Share on other sites More sharing options...
B34ST Posted March 28, 2007 Share Posted March 28, 2007 try this: include('config/config.php'); include('config/connect.php'); $display = "SELECT displayname, joindate, posts FROM userlist WHERE displayname = '$id'"; $result = mysql_query($display) or die(mysql_error()); $userinfo = mysql_fetch_array($result); Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/#findComment-216756 Share on other sites More sharing options...
virtuexru Posted March 28, 2007 Author Share Posted March 28, 2007 You saved me, what a stupid mistake. Thanks B34ST. Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/#findComment-216758 Share on other sites More sharing options...
kenrbnsn Posted March 28, 2007 Share Posted March 28, 2007 Register_globals are probably disabled for security reasons. If you are learning from an old book, the examples were written with the assumption that they were enabled. You need to explicitly retrieve the value from the $_GET superglobal array for values passed on the URL. Also, strings in MySQL need to be quoted. <?php $display = "SELECT displayname, joindate, posts FROM userlist WHERE displayname = '" . $_GET['id'] . "'"; $result = mysql_query($display) or die("Problem with the query: <pre>$display</pre><br>" . mysql_error()); $userinfo = mysql_fetch_assoc($result); ?> Ken Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/#findComment-216759 Share on other sites More sharing options...
trq Posted March 28, 2007 Share Posted March 28, 2007 <?php include('config/config.php'); include('config/connect.php'); if (isset($_GET['id'])) { $id = $_GET['id']; $display = "SELECT displayname, joindate, posts FROM userlist WHERE displayname = '$id'"; $result = mysql_query($display) or die(mysql_error()); $userinfo = mysql_fetch_array($result); } ?> Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/#findComment-216760 Share on other sites More sharing options...
per1os Posted March 28, 2007 Share Posted March 28, 2007 Along with Beast, do this: include('config/config.php'); include('config/connect.php'); // Note to retrieve post/get should always be done this way. $display = "SELECT displayname, joindate, posts FROM userlist WHERE displayname = '".mysql_real_escape_string($_GET['id'])."'"); // the real excape helps prevent sql injection. $result = mysql_query($display) or die(mysql_error()); $userinfo = mysql_fetch_array($result); Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/#findComment-216761 Share on other sites More sharing options...
virtuexru Posted March 28, 2007 Author Share Posted March 28, 2007 Wow, thanks for all the help guys. Worked perfectly. Link to comment https://forums.phpfreaks.com/topic/44636-solved-so-simple-whats-wrong-with-this/#findComment-216769 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.