0

Hi..is this a correct SQL statement to display details of a record from
table and column that is variable

$query= (SELECT * FROM $_GET['$tablename'] . "' WHERE id = '" . $_GET[' $row2[$cols'] . "' ;

the id and table were passes correctly on the URL but the error is displayed in the above code.

thank you

2
Contributors
3
Replies
4
Views
8 Years
Discussion Span
Last Post by cwarn23
0

Try this.

$query= 'SELECT * FROM `'.mysql_real_escape_string($_GET[$tablename]).'` WHERE `id` = "'.mysql_real_escape_string($_GET[$row2[$cols]]).'"';
0
$query= 'SELECT * FROM ' . $_GET[$tablename] . ' WHERE id = ' . (int) $_GET[$row2[$cols]] . ';' ;

I have changed it to the above statement..but there is an error as well
mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\.......

another issue is..
since the record comes from different table at different time..how could I specify the output.

if it is fix, we can code like this.

echo '<input  name="subject" readonly="readonly" value="', $entry['subject'] , '" /><br />';
0

Try making your mysql query line something like the following to see what error is reported.

$somevariable=mysql_query($query) or die(mysql_error());
if (mysql_num_rows($somevariable)==0) {
die ('There are no rows, thats the problem');
}
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.