Jump to content

[SOLVED] Escaping single/double


rawky1976

Recommended Posts

maybe

$query = "SELECT CONCAT(client_lname, ', ',client_fname) AS name FROM clients ASC WHERE client_lname = ".$_POST['editclient'];
or
$query = "SELECT CONCAT(client_lname, ', ',client_fname) AS name FROM clients ASC WHERE client_lname = '".$_POST['editclient']."'";

or
$query = "SELECT CONCAT(client_lname, ', ',client_fname) AS name FROM clients ASC WHERE client_lname = {$_POST['editclient']}";

$_POST is actually an array and 'editclient' is an array key or index. The code should work like that so be sure to have a textfield called 'editclient'. Anyway try this different approach but should give the same results:

 

$editclient = $_POST['editclient'];
$query = "SELECT CONCAT(client_lname, ', ',client_fname) AS name FROM clients ASC WHERE client_lname='$editclient'";

Hello again, found the problem with the above; I named the submit button instead of the text field in the form!!! Sorry guys!

 

What can I put between these two lines to display the content of $query on the webpage? It's now dropping out of the if condition to display 'no results match etc...'

 

$result = @mysql_query ($query);

			if ($result) {

 

?

 

Thanks, Mark

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.