kyleldi Posted November 29, 2007

If I'm calling for a query via URL variables, is this correct? My code:

    if (isset($_GET['category'])) { // Page first accessed
        $category = $_GET['category'];
    } else {
        if (isset($_POST['category'])) { // Form has been submitted
            $category = $_POST['category'];
        }
    }
    if (isset($_GET['id'])) { // Page first accessed
        $id = $_GET['id'];
    } else {
        if (isset($_POST['id'])) { // Form has been submitted
            $id = $_POST['id'];
        }
    }
    mysql_select_db($database_admin, $admin);
    $query_rs_gallery = "SELECT * FROM gallery WHERE $category, $id = $category & $id";

The URL: http://www.website.com/show/detail.php?category=parts&id=2

I get the generic "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version" error and am not sure what is incorrect. Any help would be great! Thanks!

trq Posted November 29, 2007

Your query is definitely foobar'd. So much so that it's hard to even make out what you really want. Maybe....

    $query_rs_gallery = "SELECT * FROM gallery WHERE $category = $id";

You really should clean your variables before using them in any query as well. You're opening yourself up for SQL injection otherwise. Take a look at mysql_real_escape_string.
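
An added example, not code from either poster: one way to run the lookup from the URL in the question with the request values bound as parameters, since mysql_real_escape_string only escapes characters inside a quoted string literal and does not protect an unquoted value or a column name. It assumes the gallery table has `id`, `category` and `title` columns and that both URL variables are values to match; it uses PDO with an in-memory SQLite database (a swap for the thread's mysql_* calls) so it runs offline, and the helper names `request_value` and `find_gallery_rows` are hypothetical.

```php
<?php
// Added example. Assumed schema: gallery(id INTEGER, category TEXT, title TEXT).
// PDO with in-memory SQLite keeps the script self-contained; for MySQL only the DSN changes.

function request_value(array $get, array $post, string $key): ?string
{
    // Same precedence as the code in the question: GET first, then POST.
    $value = $get[$key] ?? $post[$key] ?? null;
    return is_string($value) ? $value : null; // rejects arrays such as ?id[]=1
}

function find_gallery_rows(PDO $db, array $get, array $post): array
{
    $category = request_value($get, $post, 'category');
    $id = request_value($get, $post, 'id');

    // Reject missing input and ids that are not plain decimal digits.
    if ($category === null || $id === null || !ctype_digit($id)) {
        return [];
    }

    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, category, title FROM gallery WHERE category = :category AND id = :id'
    );
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gallery (id INTEGER PRIMARY KEY, category TEXT, title TEXT)');
$db->exec("INSERT INTO gallery VALUES (1, 'parts', 'Gasket'), (2, 'parts', 'Piston'), (3, 'tools', 'Wrench')");

// The URL from the question: ?category=parts&id=2
print_r(find_gallery_rows($db, ['category' => 'parts', 'id' => '2'], []));
// Constructed malformed id: fails validation, so no query is run.
print_r(find_gallery_rows($db, ['category' => 'parts', 'id' => '2 OR 1=1'], []));
// Constructed category containing a quote: bound as data, so the query stays intact.
print_r(find_gallery_rows($db, ['category' => "parts'", 'id' => '2'], []));
```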