
Problem with displaying tables

P: 4
This code works fine for most searches and displays fine. But when a few fields are searched (only one comes to mind), it gives me a mysql error on what would be line 11 here.

[PHP]$result = mysql_query("SELECT * " . "FROM $_POST[table] " ."WHERE $_POST[col_select] = $_POST[search_text]");
echo "<table border='1'> <tr>";
$dataQuery=mysql_query("SELECT * FROM $_POST[table]"); $TableFieldCount = mysql_num_fields($dataQuery);
for ($Fcount=0; $Fcount<$TableFieldCount; $Fcount++)
{
    $field2= mysql_fetch_field($dataQuery, $Fcount);
    $fieldname2= $field2->name;
    echo"<th>".$fieldname2."</th>";
}
echo "</tr>";
while($row = mysql_fetch_array($result))
{
    echo "<tr>";
    for ($Fcount=0; $Fcount<$TableFieldCount; $Fcount++)
    {
        $field3= mysql_fetch_field($dataQuery, $Fcount); $fieldname3= $field3->name;
        echo"<td>".$row[$fieldname3]."</td>";
    }
    echo "</tr>";
}
mysql_free_result($dataQuery);[/PHP]
Aug 6 '07 #1
3 Replies


kovik
Expert 100+
P: 1,044
You put POST data directly into your queries? No cleaning, no verification, nothing? Not only can that cause SQL syntax errors, but it is a huge security risk.

What error are you getting?
Aug 6 '07 #2

P: 4
I am learning as I go here, but any recommendations on how to make it safer are appreciated (even though this is for an intranet).

I get:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

All other queries work unless I am searching this one field.
Aug 6 '07 #3

kovik
Expert 100+
P: 1,044
[QUOTE]I am learning as I go here, but any recommendations on how to make it safer are appreciated (even though this is for an intranet).[/QUOTE]
isset()
mysql_real_escape_string()

[QUOTE]Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

All other queries work unless I am searching this one field.[/QUOTE]
Do you check that $result is a valid result?

is_resource()

Do you check to make sure your queries are successful?

mysql_error()


Programming isn't just about programming how things will work if they go right, but also handling *everything* that could possibly go wrong.
Aug 6 '07 #4
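
A hardened version of the search from this thread, as an added example that is not code from either poster: it swaps the thread's mysql_* calls (removed in PHP 7) for PDO with a bound parameter, and checks the table and column names against an allowlist, because escaping a value does not make an identifier safe. The `SEARCHABLE` map, the `staff` table and the in-memory SQLite database are constructed so the script runs offline; against MySQL only the PDO connection line changes.

```php
<?php
// Added example; table, column and function names here are constructed for illustration.
// Identifiers cannot be bound as parameters, so only names listed here may reach the SQL text.
const SEARCHABLE = ['staff' => ['id', 'name', 'dept']];

function search_table(PDO $db, array $post): array
{
    // Every expected form field must be present and a plain string.
    foreach (['table', 'col_select', 'search_text'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            throw new InvalidArgumentException("missing field: $key");
        }
    }
    $table = $post['table'];
    $col   = $post['col_select'];
    if (!isset(SEARCHABLE[$table]) || !in_array($col, SEARCHABLE[$table], true)) {
        throw new InvalidArgumentException('unknown table or column');
    }
    // The search value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare("SELECT * FROM $table WHERE $col = :needle");
    $stmt->execute([':needle' => $post['search_text']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_table(array $columns, array $rows): string
{
    // Database values are escaped before they are written into the HTML.
    $esc  = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $html = "<table border='1'><tr>";
    foreach ($columns as $c) { $html .= '<th>' . $esc($c) . '</th>'; }
    $html .= '</tr>';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($columns as $c) { $html .= '<td>' . $esc($row[$c]) . '</td>'; }
        $html .= '</tr>';
    }
    return $html . '</table>';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // a failed query throws instead of returning false
$db->exec("CREATE TABLE staff (id INTEGER, name TEXT, dept TEXT)");
$db->exec("INSERT INTO staff VALUES (1, 'O''Brien', 'IT'), (2, 'Lee', 'HR')");

// A text value containing a quote: the kind of input that breaks a query built by concatenation.
$post = ['table' => 'staff', 'col_select' => 'name', 'search_text' => "O'Brien"];
echo render_table(SEARCHABLE['staff'], search_table($db, $post)), "\n";
```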
