Hey there

I'd appreciate some help with variables please.

Problem

I have a search function on a site I'm building and would like to have it so that a user can click on a search result to see more columns from that row on the db, if you see what I mean. The best way seems to be to open a new page on which to display more detail on the chosen search result.

I express it like this

echo '<a href="newpage.php?w=' . $row['value'] . '">' . $r['value'] . '</a>';

That part works fine.

The problem is this - when I click through to the new page, all rows on the db are shown i.e. the search is made, result x is returned, click on x and in newpage.php x y and z (i.e. all rows) are displayed.

How do I structure things so that only x (and any other columns from row x that I choose) are displayed?

I'm thinking that I should be able to limit what it displayed with the SELECT but can't seem to find the right syntax to finish it off properly. Currently I have this on newpage.php

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];  

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){

echo '<center>' . $_GET['w'] . '</center> ';	
echo $row['word'] ;

}

I have defined the $_SESSION on search.php as

$_SESSION['word'] = $row['word']

Is that on the right lines?

I know a little PHP, enough to know where the problem is but not quite enough to solve the problem. I've not found an answer yet after hours of googling!

Any help/guidance/code would be really appreciated.

Thanks in advance.

change

$query = "SELECT * FROM pro_words".$_SESSION['where clause'];  

to

$query = "SELECT * FROM pro_words WHERE value = " . $_GET['w'];  

Never ever use external data without sanitizing it first. That is, cast integers and floats to (int) and (float) respectively, and pass anything else through mysql_real_escape_string().

You can break up your query over several lines

$query =
"SELECT
*
FROM
pro_words
WHERE
value = " .
$_GET['w'];

if you're not otherwise able to locate the indicated place for the syntax error,which seems to be missing string literal quotes, since it would then tell you "... on line 7"

you should not execute sql statement if the case is isset($_GET['w']) == false

anoopmail;10986672 wrote:

you should not execute sql statement if the case is isset($_GET['w']) == false

I'm trying to work out why I'm getting an SQL syntax error next to WHERE (thanks Johanafm for that tip).

Silly question maybe, should I use isset to set the variable to be used in the SELECT on newpage.php?

Let me rephrase my question - is there an error in your solution or is the syntax error message suggesting another problem?

I really appreciate your help so far and would appreciate it very much if you could help me iron out this last problem.

Thanks much

isset() function is not for setting variable, it checks the variable present or not. So the idea is to build and execute the query only when a url parameter is present. Let me know am I making sense.

anoopmail;10986724 wrote:

isset() function is not for setting variable, it checks the variable present or not. So the idea is to build and execute the query only when a url parameter is present. Let me know am I making sense.

You're making sense.

I got this resolved by fiddling with your code a bit.

The SQL error stemmed from a misnamed variable.

This is the code that got it working.

$query = "SELECT * FROM pro_words WHERE word ='".$_GET['w']."'";

Thanks for your help - much appreciated.