Hi all,
I am working on a project.
On the php page, I am linking to a list of ip addresses which are already in my database.
The url will be something like
domain.com/view.php?ip=61.167.34.179

In view.php
I have the following sql

$connect = @mysql_query($sql,$connection) or die(mysql_error());
$sql = "SELECT * FROM 'profile' WHERE ip = $_Get[ip]";
while ($row = mysql_fetch_array($result)) {
$record = $row['record'];
$cat = $row['cat'];
$sub = $row['subcat'];
$creator = $row['creator'];
$mtitle = $row['maintitle'];
$murl = $row['mainurl'];
$dtitle = $row['directtitle'];
$durl = $row['directurl'];
$descript = $row['descript'];
$requires = $row['requires'];
$tech = $row['techniques'];
$thumb = $row['thumb'];
$large = $row['large'];
$ip = $row['ip'];
if ($thumb !="") {
    $img = "<a href=\"$large\" target=_blank><img src=\"$thumb\" width=113 height=85 border=0><br>
Click to Enlarge</a>";
}
else {
$img = "<img src=\"http://domain.com/none.jpg\" width=113 height=85><br>";
}
$result= the information which I will echo in the body, just cutting this off here so as not to take up too much space on dinaweb

Whenever I go to the page, view.php with the generated link on the prior page, I get an error "Query was empty".

As a trouble shoot, I echo the $_GET[ip] and the correct ip does show up.

I then, logged into my server, and went to my database and ran the same query in the database, but, I changed the $_GET[ip] to the actual ip address. I was posed with an error, until I realized that I should put a single quote mark around the ip address.

So, I figured that, perhaps this was my issue to begin with.

Now, I have tried several things with my php page, to get the single quote to pass through to the sql statement, but, it just doesn't do it.

Can anyone help me with this? Is there something wrong with the fact that I have "TEXT" as the field type in the database? also the Collation is set to latin1_swedish_ci and I don't understand what to do with collation.

Any help?
thanks so much
Sage

Edited 3 Years Ago by Dani: Formatting fixed

This one doesn't work, I looked up information at php.net too regarding the real escape.
http://us2.php.net/mysql_real_escape_string

This didn't get me there either.

One example showed something similar to

$sql = "SELECT * FROM 'profile' WHERE ip = '{$_GET['ip']}'";
mysql_query($sql);

Which also gives me a "query was empty".

I would assume that this is possible. Perhaps a better way for me to do this is somehow change the way I log the ip address?

Perhaps a small explination would help.
My website is a sort of community run site. I am the only admin to it, but users have the ability to submit information to the database.

The problem is that there is some spam going on, and today, I had to get rid of over 400 records, many of which were from the same ip address. I then block these ip addresses.

I want to be able to list all entries by ip address so that I can delete those entries in one chunck and then ban the ip address from the site.

The only issue is that, if that ip address happened to have added a valid entry at one point, I don't want to delete that particular entry.

I monitor all entries before they are added for the general public to view, so, it's just a matter of convenience for me.

Take a look at www.an8search.com to see what I am talking about, you will notice that clicking on "submit" will allow you to add a submition to the site.

Thanks for trying to help sorry it didn't work though.
Sage

get or post is posting method. u gotta request after posting if not on the same source

$sql = "SELECT * FROM 'profile' WHERE ip =
$_request[ip]";

Just noticed you had the wrong case for "$_GET" here

$sql = "SELECT * FROM 'profile' WHERE ip = $_Get[ip]";

Try

$sql = "SELECT * FROM 'profile' WHERE ip = '".$_GET['ip']."'";

None of this is working still.
Faith, I understand how to use "request", and my question wasn't really how to pass a variable within the url, since I know how to do that.

It's just that ip adress is being passed in the url, the sql statement isn't working properly with pulling the information out of the database.

I am using PHP 4.4.7
and MySql 4.0.27-standard-log

I know that there are newere versions of php and mysql, but it's hosted on a server which I have no control over.

This is just getting weird, I think I will just give each new ip address it's own id number of my own and then pull it out that way.
Sage

Well, I tried a small test program doing exactly the same thing with the above statement (with ip field defined as Text in mysql) and it worked just fine. Not sure where the breakdown is occurring for you, but as you mention, using older versions of php and mysql may be the case.

$record = $row['record'];
$cat = $row['cat'];
$sub = $row['subcat'];
$creator = $row['creator'];
$mtitle = $row['maintitle'];
$murl = $row['mainurl'];
$dtitle = $row['directtitle'];
$durl = $row['directurl'];
$descript = $row['descript'];
$requires = $row['requires'];
$tech = $row['techniques'];
$thumb = $row['thumb'];
$large = $row['large'];
$ip = $row['ip'];

--->>>

extract($row);
Comments
Extremely informative

Shawn, I didn't quite understand what your post was trying to tell me.

Ezz, I am going to assume that the older versions of PHP and MySql are causing my issues. I contacted my server admins and asked when they will be upgrading to the newer versions, they said it will be mid december. I think I can hold off til then for this.

This is really something that will just make my life admining my site, a lot easier, but, oh well.
Thanks for the help though.

You can replace all of that repetitive superfluity with that one line( extract($row); ).

What extract does is take all of the first level elements of the array and creates variables out of them. IE.

Array // lets call the array TestArray
(
    'Test' => 'Blah'
)

extract($TestArray);
echo $Test; // Would print 'Blah'

Ok, so, extract ($row) would actually take each field name and give them the variable $fieldname?

Holy crap, you don't know how much time this can save me... LOL.

Learn something new every day. I hope I got that right, I shall try it out.
Thanks
Sage

This article has been dead for over six months. Start a new discussion instead.