SARUAV SARUAV - 3 months ago 18
PHP Question

Mysql query issue with search

With my previous profile view, it would grab the searched ID and display it using this query:

$dn = mysql_query('select firstname, lastname, age, id, background from users where id="'.$id.'"');




However, my current one is to view an event page via the searched url. So the url is socialnetwk, so:

$dn = mysql_query('select eventname, about, url, comment, post, msg, member_id, author_id, id from events where url="'.$id.'"');



Where the search for that one will be:
http://www.socialnetwk.com/aHjrhuykLKJbBhjlHJKlkefuhoiughasoiHBOIuyhbgfDilhub/event.php?id=socialnetwk

I'm unsure how to fix this, because I've used Sequel Pro and it seems I need ' ' around the url name. However, I haven't got a clue how to include this in the query.

The URL is a column, not an actual URL

Here is the code:

<?php
//We check if the user's ID is defined
if(isset($_GET['id']))
{
    $id = intval($_GET['id']);
    //We check if the user exists
    $dn = mysql_query('select eventname, about, url, comment, post, msg, member_id, author_id, id from events where url="'.$id.'"');
    if(mysql_num_rows($dn)>0)
    {
        $dnn = mysql_fetch_array($dn);
        //We display the user data
        if($dnn['id']!='')
        {
        }
        else
        {
            echo 'This user dont have an avatar.';
        }
    }
}
?>



Answer

Updated to match your edited code:

In the case of using a prepared statement:

<?php
        //We check if the users ID is defined
        if(isset($_GET['id'])){
                $id = intval($_GET['id']);
                //We check if the user exists
                $dn = 'select eventname, about, comment, post, msg, 
                       member_id, author_id, id from events where url=?';
                if($stmt=$dbc->prepare($dn)){
                        $stmt->bind_param('s',$id); //your URL is a string
                        $stmt->execute();  //returns false if fails
                        $stmt->store_result(); //buffer the rows so num_rows is populated
                        $stmt->bind_result($eventname, $about, $comment, $post, 
                               $msg, $member_id, $author_id, $event_id); //don't need to 
                                         //bind the url, since you already know it

                        if($stmt->num_rows>0 && $stmt->fetch()) {
                                //We display the user data
                                echo "$eventname, $about, $comment ..."; // the bound results
                                if($event_id!=''){
                                        // do something here
                                } else {
                                        echo 'This user dont have an avatar.';
                                }
                        }
                        $stmt->free_result();
                        $stmt->close();
                }
                $dbc->close();
        }
?>

This assumes $dbc is your database connection.

*NOTE: you change the $_GET['id'] value to an integer, but it is also a URL (string). This needs to be reconciled for your code to work well.*
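
An added example, not part of the original answer: the same lookup with the `id` parameter kept as a string, checked against an allow-list, and bound as a statement parameter instead of being concatenated into the SQL. It uses PDO with an in-memory SQLite database as a stand-in for the MySQL connection so that it runs on its own; the table rows and the helper names `normalize_event_slug` and `find_event_by_slug` are constructed for illustration, and the slug pattern is an assumption about what the url column holds.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL connection ($dbc);
// the table contents are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, eventname TEXT, about TEXT, url TEXT UNIQUE)');
$pdo->exec("INSERT INTO events (eventname, about, url) VALUES ('Launch party', 'Constructed row', 'socialnetwk')");

// Hypothetical helper: accept only slug-shaped values for the url column.
function normalize_event_slug($raw): ?string
{
    if (!is_string($raw)) {        // ?id[]=x reaches PHP as an array, not a string
        return null;
    }
    // Assumed slug format: letters, digits, underscore, hyphen, 1 to 64 characters.
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

// Hypothetical helper: look the event up with a bound string parameter.
function find_event_by_slug(PDO $pdo, $raw): ?array
{
    $slug = normalize_event_slug($raw);
    if ($slug === null) {
        return null;               // malformed input never reaches the database
    }
    $stmt = $pdo->prepare('SELECT id, eventname, about FROM events WHERE url = :url');
    $stmt->bindValue(':url', $slug, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Why the original lookup never matched: intval() maps a non-numeric
// string to 0, so the query compared the url column against "0".
var_dump(intval('socialnetwk'));

// The string slug, bound as a parameter, finds the row.
$event = find_event_by_slug($pdo, 'socialnetwk');
// Escape on output: event fields are user-supplied content.
echo htmlspecialchars($event['eventname'], ENT_QUOTES, 'UTF-8'), PHP_EOL;

// A value containing a quote is rejected by the allow-list; with the
// concatenated query it would have ended the string literal early.
var_dump(find_event_by_slug($pdo, 'social"netwk'));
var_dump(find_event_by_slug($pdo, ['socialnetwk']));   // array input is rejected
var_dump(find_event_by_slug($pdo, 'missing'));         // valid shape, no such row
```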
