Hi..is this a correct SQL statement to display details of a record from
table and column that is variable

$query= (SELECT * FROM $_GET['$tablename'] . "' WHERE id = '" . $_GET[' $row2[$cols'] . "' ;

the id and table were passes correctly on the URL but the error is displayed in the above code.

thank you

Recommended Answers

All 3 Replies

Try this.

$query= 'SELECT * FROM `'.mysql_real_escape_string($_GET[$tablename]).'` WHERE `id` = "'.mysql_real_escape_string($_GET[$row2[$cols]]).'"';
$query= 'SELECT * FROM ' . $_GET[$tablename] . ' WHERE id = ' . (int) $_GET[$row2[$cols]] . ';' ;

I have changed it to the above statement..but there is an error as well
mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\.......

another issue is..
since the record comes from different table at different time..how could I specify the output.

if it is fix, we can code like this.

echo '<input  name="subject" readonly="readonly" value="', $entry['subject'] , '" /><br />';

Try making your mysql query line something like the following to see what error is reported.

$somevariable=mysql_query($query) or die(mysql_error());
if (mysql_num_rows($somevariable)==0) {
die ('There are no rows, thats the problem');
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.