variable syntax

Hey there

I'd appreciate some help with variables please.

I have a search function on a site I'm building and would like to have it so that a user can click on a search result to see more columns from that row on the db, if you see what I mean. The best way seems to be to open a new page on which to display more detail on the chosen search result.

I express it like this

echo '<a href="newpage.php?w=' . $row['value'] . '">' . $r['value'] . '</a>';

That part works fine.

The problem is this - when I click through to the new page, all rows on the db are shown i.e. the search is made, result x is returned, click on x and in newpage.php x y and z (i.e. all rows) are displayed.

How do I structure things so that only x (and any other columns from row x that I choose) are displayed?

I'm thinking that I should be able to limit what it displayed with the SELECT but can't seem to find the right syntax to finish it off properly. Currently I have this on newpage.php

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];  
	 
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){

echo '<center>' . $_GET['w'] . '</center> ';	
echo $row['word'] ;

}

I have defined the $_SESSION on search.php as

$_SESSION['word'] = $row['word']

Is that on the right lines?

I know a little PHP, enough to know where the problem is but not quite enough to solve the problem. I've not found an answer yet after hours of googling!

Any help/guidance/code would be really appreciated.

Thanks in advance.

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

This is wrong:

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];

this should work:

$query = "SELECT * FROM pro_words WHERE word = ".$_GET['w']; # or $_SESSION['word']

but remember to sanitize data.

cereal

Master Poster

709 posts since Aug 2007

Reputation Points: 214

Solved Threads: 120

9 Months Ago

0

Thanks for that.

I get an SQL syntax error around WHERE - any idea what might cause that?

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

Try with backticks on word:

$query = "SELECT * FROM `pro_words` WHERE `word` = ".$_GET['w'];

Or just try to do a simple query, without $_GET, to see if that works.

cereal

Master Poster

709 posts since Aug 2007

Reputation Points: 214

Solved Threads: 120

9 Months Ago

0

There's something wrong with the $_GET since it won't echo (and it does on an earlier iteration) - I'll try and get that sorted and hopefully that will sort it out.

Thanks in the meantime.

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

try to put ticks around your get variable as well as I assume word in your db is a string.

$variable = '';
$variable = $_GET['w'];
if ($variable != '') {
    $query = "SELECT * FROM `pro_words` WHERE `word` = '".$variable."';
} else {
  echo "NO VARIABLE PASSED IN";
}
// just an example of at least checking for the value of what $_GET['w'] is before executing a query with it.

ddymacek

Posting Whiz

317 posts since Jun 2010

Reputation Points: 36

Solved Threads: 64

9 Months Ago

0

Ironed out the problem with $_GET that produced the SQL error (my mistake with a misnamed variable).

The original solution now produces this error

Unknown column 'example' in 'where clause'

Any tips on ironing this out? Doesn't seem as if it should be too far off now?

Thanks in advance for any help.

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];

This SESSION perhaps is the problem.

sv3tli0

Junior Poster in Training

78 posts since Aug 2011

Reputation Points: 10

Solved Threads: 18

9 Months Ago

0

Thanks for the reply.

Sorry, should have made it clearer that the code I am using is now this - the $query you reference would be incorrect.

$query = "SELECT * FROM pro_words WHERE word = " . $_GET['w'];
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){

echo $row['word'];
echo "";

}

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

that was my next question...
ok, I'm not sure where 'example' is coming from, but I think you need to use 'ticks'
why type of column is 'word' in your database, it is a string, no?
so

$query = "SELECT * FROM pro_words WHERE word = '" . $_GET['w']."';  // add ticks
//the query syntax is expecting a string you have no string defined in your syntax above.

ddymacek

Posting Whiz

317 posts since Jun 2010

Reputation Points: 36

Solved Threads: 64

9 Months Ago

0

Thanks - I'll try that. 'example' above is just a row on the db.

The column is called word because that column contains a word in a dictionary.

(Yes, it would be a string as entries in column 'word' would all be literal constants[I suppose]).

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

ddymacek - thanks a lot, really appreciate your help!

This sorted it (your code but there was a missing double quotes).

$query = "SELECT * FROM pro_words WHERE word ='".$_GET['w']."'";

Thanks again - this has been bugging me for a while.

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

Please close the thread if you are satisfied with the answer.
Thanks.

ddymacek

Posting Whiz

317 posts since Jun 2010

Reputation Points: 36

Solved Threads: 64

9 Months Ago

0

how do I do that?

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

9 Months Ago

0

don't worry - silly question.

Thanks again!

Bazzaah

Light Poster

33 posts since May 2010

Reputation Points: 10

Solved Threads: 0

variable syntax

This question has already been solved