kyleldi Posted November 29, 2007

If I'm calling for a query via URL variables, is this correct? My code:

    if (isset($_GET['category'])) {
        // Page first accessed
        $category = $_GET['category'];
    } else {
        if (isset($_POST['category'])) {
            // form has been submitted
            $category = $_POST['category'];
        }
    }
    if (isset($_GET['id'])) {
        // Page first accessed
        $id = $_GET['id'];
    } else {
        if (isset($_POST['id'])) {
            // form has been submitted
            $id = $_POST['id'];
        }
    }
    mysql_select_db($database_admin, $admin);
    $query_rs_gallery = "SELECT * FROM gallery WHERE $category, $id = $category & $id";

The URL: http://www.website.com/show/detail.php?category=parts&id=2

I get the generic "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version" error and am not sure what is incorrect. Any help would be great! Thanks!

trq Posted November 29, 2007

Your query is definitely foobar'd. So much so that it's hard to even make out what you really want. Maybe....

    $query_rs_gallery = "SELECT * FROM gallery WHERE $category = $id";

You really should clean your variables before using them in any query as well. You're opening yourself up for SQL injection otherwise. Take a look at mysql_real_escape_string.
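
An added example, not code from either post in this thread: one way to run the lookup with validated input and a prepared statement. It assumes the gallery table has `category` and `id` columns and that the intent is to match both; the function names, the allowed category values and the sample rows are constructed, and it uses PDO with an in-memory SQLite database so it runs standalone (the `mysql_*` functions used in the thread were removed in PHP 7).

```php
<?php
// Added example. Assumed schema: gallery(id, category, title).

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE gallery (id INTEGER, category TEXT, title TEXT)");
$pdo->exec("INSERT INTO gallery VALUES (1, 'parts', 'Gasket'), (2, 'parts', 'Piston'), (2, 'tools', 'Wrench')");

// Categories the page is allowed to show (assumed values).
const ALLOWED_CATEGORIES = ['parts', 'tools'];

/** Read a parameter from the URL first, then from the submitted form. */
function request_param(array $get, array $post, string $name): ?string
{
    $value = $get[$name] ?? $post[$name] ?? null;
    return is_string($value) ? $value : null; // rejects arrays such as ?id[]=1
}

/** Return the matching rows, or null if either parameter fails validation. */
function find_gallery_rows(PDO $pdo, array $get, array $post): ?array
{
    $category = request_param($get, $post, 'category');
    $id = filter_var(
        request_param($get, $post, 'id'),
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false || !in_array($category, ALLOWED_CATEGORIES, true)) {
        return null;
    }
    // Values are bound separately from the SQL text, so they cannot change the query structure.
    $stmt = $pdo->prepare('SELECT id, category, title FROM gallery WHERE category = :category AND id = :id');
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The URL from the question: detail.php?category=parts&id=2
var_dump(find_gallery_rows($pdo, ['category' => 'parts', 'id' => '2'], []));
// Constructed hostile input: rejected by validation before any SQL is built.
var_dump(find_gallery_rows($pdo, ['category' => 'parts', 'id' => '2 OR 1=1'], []));
```

String escaping only protects a value placed inside a quoted SQL string literal. A request value used as a column name or as an unquoted number is not covered by it, which is why this example validates `id` as an integer and checks `category` against a fixed list.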
This topic is now archived and is closed to further replies.