cs1h Posted October 30, 2007 Share Posted October 30, 2007 Hi, I have a script to select data from a database and put it into a new url which the user gets automaticaly directed to that specific page. The problem is that its not getting the data to put into the new url. The code is <?php include "mice.php"; mysql_connect($server, $db_user, $db_pass) or die (mysql_error()); $abc = $_POST['table']; $bcd = $_POST['code1']; $cde = $_POST['pass']; $result = mysql_db_query($database, "select * from $abc WHERE code1 = '$bcd' AND pass = '$cde'") or die (mysql_error()); while ($qry = mysql_fetch_array($result)) { $More = $row['id']; echo "<meta http-equiv=\"refresh\" content=\"1; URL=edit$abc.php?id=$More\">"; } ?> Can anyone help? Thanks Colin Link to comment https://forums.phpfreaks.com/topic/75419-solved-help-getting-data-from-database/ Share on other sites More sharing options...
teng84 Posted October 30, 2007 Share Posted October 30, 2007 try echo "<meta http-equiv=\"refresh\" content=\"1; URL=edit".$abc.".php?id=".$More."\">"; Link to comment https://forums.phpfreaks.com/topic/75419-solved-help-getting-data-from-database/#findComment-381524 Share on other sites More sharing options...
Psycho Posted October 30, 2007 Share Posted October 30, 2007 In your while() clause you are assigning the record to $qry, but in your echo you are using $row. There is no need to assign the value to $More - you are just assigning one variable to another. Also, are you expecting more than one record? Whay are you using a while loop? <?php include "mice.php"; mysql_connect($server, $db_user, $db_pass) or die (mysql_error()); $abc = $_POST['table']; $bcd = $_POST['code1']; $cde = $_POST['pass']; $result = mysql_db_query($database, "select * from $abc WHERE code1 = '$bcd' AND pass = '$cde'") or die (mysql_error()); if ($result) { $row = mysql_fetch_array($result); echo "<meta http-equiv=\"refresh\" content=\"1; URL=edit$abc.php?id={$row['id']}\">"; } else { echo "User not found"; } >< Link to comment https://forums.phpfreaks.com/topic/75419-solved-help-getting-data-from-database/#findComment-381529 Share on other sites More sharing options...
kratsg Posted October 30, 2007 Share Posted October 30, 2007 Use the header() function o_o Works just as effective, but no html would be generated (IE: no echo statement) <?php include "mice.php"; mysql_connect($server, $db_user, $db_pass) or die (mysql_error()); function sanitize($value) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not a number if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } return $value; } $error = null; $abc = sanitize($_POST['table']); if(empty($_POST['table'])){ $error .= "You didn't submit a value for the table.<br>"; } $bcd = sanitize($_POST['code1']); if(empty($_POST['code1'])){ $error .= "You didn't submit a value to search for in `code1`.<br>"; } $cde = sanitize($_POST['pass']); if(empty($_POST['pass'])){ $error .= "You didn't submit a value to search for in `pass`.<br>"; } if($error != null){ die($error); } $result = mysql_db_query($database, "select id from $abc WHERE code1 = '$bcd' AND pass = '$cde'") or die (mysql_error()); if ($result) { $row = mysql_fetch_array($result); header("refresh:1; url=edit$abc.php?id=".$row['id'].""); } else { die("User not found"); } ?> Why is this code better? One, it prevents sql injections; two, it checks to make sure the user actually submitted all three values; third, it uses the header() function. Link to comment https://forums.phpfreaks.com/topic/75419-solved-help-getting-data-from-database/#findComment-381543 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.