By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,400 Members | 1,335 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,400 IT Pros & Developers. It's quick & easy.

Assigning a value to a sql query

P: 10
I have a cms site and all the main pages are driven from a template.

Each different property page picks up the unique property id number, like below.

Expand|Select|Wrap|Line Numbers
  1. <input type="hidden"    name="listing_number"    value="20161"    />
If I use this sql command how do I change the part "127" for the "value=" above, so it connects with the correct property id in the database? Do I use "listing_number" or "value" and do I use quotes, double or single? Os something different?

Expand|Select|Wrap|Line Numbers
  1. $sql = mysql_query("SELECT photo_id, photo_caption_1, photo_listing
  2.         FROM listing_photo
  3.         WHERE photo_listing = 127
  4.         ORDER BY `photo_status_main` <> 'main'
  5.         LIMIT 10");
Mar 12 '10 #1
Share this Question
Share on Google+
5 Replies

Expert 100+
P: 1,584
What exactly are you wanting to do? I don't understand what you said.

In order to get list_number's value to the server, the form that the input element is in must be submitted.

is that 20161 value hard-coded and you're trying to pull photos from the DB with it?
Mar 12 '10 #2

Expert 5K+
P: 5,058

That depends on how the form is submitted. Does the <form> have a method="post"? - If it does, you use the $_POST super-global to read the values it sends you, if not, you use the $_GET super-global. (You can bypass this and just use the $_REQUEST super-global, but it is generally better to be more specific than that.)

The way you use that is; the "name" attribute of the <input> element will become the name of the element inside the $_POST or $_GET arrays.

So to get your variable, you would do something like:
Expand|Select|Wrap|Line Numbers
  1. $listing_number = $_GET['listing_number'];
Which you could use in your SQL query.

To make it a bit safer, however, you should add a bit of verification. (See SQL Injection for why this is necessary.)
Expand|Select|Wrap|Line Numbers
  1. // Test to see if the element actually exists.
  2. if(isset($_POST['listing_number'])) 
  3. {
  4.     // By prefixing the $_POST with (int), we tell PHP that we want
  5.     // nothing but whole numbers from it. This makes sure that no
  6.     // malicious string can be injected into the SQL query. 
  7.     $listing_number = (int)$_POST['listing_number'];
  8. }
  9. else 
  10. {
  11.     // Exit the code with an error message.
  12.     die("Invalid listing_number!");
  13. }
Mar 12 '10 #3

P: 10
Sorry, Im not submitting a form

I am trying to pull photos from a db

The 20161 number is unique to each property page and its the only thing I can see on the page with the unique number on.

I am trying to get the pictures from the db on the property page template. So if I add this...

$sql = mysql_query("SELECT photo_id, photo_caption_1, photo_listing
FROM listing_photo
WHERE photo_listing = 127
ORDER BY `photo_status_main` <> 'main'
LIMIT 10");
and the rest of the php code thats working. How do I tell the "WHERE phot_listing =" to look for the listing_number?

Is it as simple as...

$sql = mysql_query("SELECT photo_id, photo_caption_1, photo_listing
FROM listing_photo
WHERE photo_listing = 'listing_number'
ORDER BY `photo_status_main` <> 'main'
LIMIT 10");
Mar 12 '10 #4

Expert 5K+
P: 5,058
Ok. Then I too am having a hard time following what you are trying to do.

Is this unique property number in the database somewhere?

Well, since it is being printed into the HTML, it is fair to assume it is inside the database somewhere. Could you show us the structure of the table that contains the unique property number?
Mar 12 '10 #5

P: 10
Hi Atli

Sometimes im not sure of the terminology.

Yes, the number is in the database and corresponds with a curtain property details such as prices, pictures, description etc. It is unique for each property. It is constant thruout all the tables.

So when a certain property page is opened, all the relevant details are shown for that property number on the webpage.

So the unique number is what im trying to add to my sql script, so when I put the picture scrip on the page, it automaticly selects to correct property number and shows the correct pictures.

This all works off one script, I just need to figure out what to add after "WHERE phot_listing ="

Regards M

Hope that makes more sence
Mar 12 '10 #6

Post your reply

Sign in to post your reply or Sign up for a free account.