Logo
Login
Welcome, Guest.
Login | Register

Mysql Problem!

Please log in to post.
Watch thread
Started by samuelqwe
23 Oct 2012 21:50
Avatar By samuelqwe (30)
On 23 Oct 2012 21:54

I am trying to do a page that show an adoptables stats.
adoptable.php :

<title>Adopt Monster - Adoptable</title>
<?php
session_start();
require_once("connect.php");
$row = mysql_query("SELECT * FROM adoptables WHERE owner='".$_GET[id]."' ");
echo 'Adoptable : ';
echo $row[name];
echo '</br>';
echo $row[image];
?>
<img src="/adoptables/img/<?php echo $row[image];?>" alt="<?php echo $row[name];?>"></br>
<?php
echo 'Adoptable belongs to : </br>';
?>
<a href="/useradopts.php?username=<?php echo $row[owner]; ?>"><?php echo $row[owner]; ?></a></br>
<a href="/index.php">Home</a>



if i go to adoptable.php?id=1 it does not show anything except the text.
Sam
Avatar By CallumJones (19)
On 24 Oct 2012 00:01

Screenshot your database please.
Ash's to ash's, dust to dust.
Avatar By 11Drago (684)
On 24 Oct 2012 02:52

I see your problem. You forgot mysql_fetch_array. It should be:

$row=mysql_fetch_array(mysql_query("SELECT * FROM adoptables WHERE owner='variable here'"));
...
Avatar By CallumJones (19)
On 24 Oct 2012 12:29

/closed
Ash's to ash's, dust to dust.
Avatar By samuelqwe (30)
On 24 Oct 2012 22:30

ok thanks!
Sam
Avatar By lilwayne1556 (522)
On 24 Oct 2012 23:37

With $_GET['id'] use mysql_real_escape_string($_GET['id']) To prevent hacking
Avatar By samuelqwe (30)
On 26 Oct 2012 20:29

but how does the mysql real escape string thingy work?
Sam
Avatar By lilwayne1556 (522)
On 26 Oct 2012 21:36

It makes it like this... Lets say you have something being inputted like


It's a me!

This wouldn't work it would give a error because of the '... What that function does is makes it this


It's a me!

This will pervent hacking because the insert script would be like ...''DELETE TABLE members'' ANd boom your site is done...
Avatar By Skittles (1292)
On 27 Oct 2012 03:28

Do not use mysql_real_escape_string() It's a deprecated function and provides you with essentially no protection if someone actually wants to hack you.

Search up a tutorial on MySQLi or (preferably) PDO. Query parameterization and prepared statements are the way to go.
It's my job to help the next generation, and set a good example for them. And for that I'll gladly lay down my life.
Avatar By LinkZelda (1070)
On 15 Nov 2012 15:59

Shouldn't session_start() go before all code? You have the title tag before session_start().
Hate is such a weak emotion
Avatar By M.J kInG (1334)
On 16 Nov 2012 18:57

The distinguished LinkZelda spake:
Shouldn't session_start() go before all code? You have the title tag before session_start().


Correct LinkZelda Session_start(); does come first at the top.


Here complete example of the finally version of the script


<title>Adopt Monster - Adoptable</title>
<?php
session_start();
require_once("connect.php");
$GetAdop = mysql_query("SELECT * FROM adoptables WHERE owner='".$_GET[id]."' ");
$row = mysql_fetch_array($GetAdop);
echo 'Adoptable : ';
echo $row[name];
echo '</br>';
echo $row[image];
?>
<img src="/adoptables/img/<?php echo $row[image];?>" alt="<?php echo $row[name];?>"></br>
<?php
echo 'Adoptable belongs to : </br>';
?>
<a href="/useradopts.php?username=<?php echo $row[owner]; ?>"><?php echo $row[owner]; ?></a></br>
<a href="/index.php">Home</a>




This should answer you question, Plus Skittle gave you some tips on how to protect your script.
A true developer
Home Forum Home
Nintendo 3DS is ™ Nintendo Co. Ltd. This website is ©2009-2024 HullBreach Studios. All rights reserved. Members are responsible for their own content. No account information will be given to third-parties without your consent.