Passing variables from PHP to MySQL query and displaying
Can anyone tell me how to pass the PHP values $value_aid and $value_tradeid to my SQL query res3, please?
<?php
//error_reporting(E_ALL);
///////////////////////Connect to the database and close the connection when finished///////////////////////////////
include ("dbconnect.php");
///////////////////////////////// Gather and Display area_id //////////////////////////////
$res=mysql_query("SELECT area_id FROM pc_test WHERE postcodes = '".$_POST['postcode']."'");
while ($row = mysql_fetch_array($res))
{
// This works !!
//echo("$row[area_id]");
$value_aid="$row[area_id]";
echo("$value_aid");
}
////////////////// Gather and Display postcodes relating to area_id ////////////////////////
$res3=mysql_query("SELECT trade_id FROM trade WHERE trade_type = '".$_POST['trade_type']."'");
while ($row3 = mysql_fetch_array($res3))
{
// And this works !!
echo("\n$row3[trade_id]");
$value_tradeid="$row3[trade_id]";
}
/**************************************** Gather the query information ********************************************/
//************!!!!!!!!!!!!!!!! This part does not work as the variable values are not being passed !!!!!!!!!!!**********//
$res2=mysql_query("SELECT first_name, last_name, phone_mobile, postcode, trade_type FROM customer WHERE area_id = '$value_aid' && trade_id = '$value_tradeid'");
/**************************************** DISPLAY QUERY RESULTS HERE *********************************************/
while ($row2 = mysql_fetch_array($res2))
{
echo("<TABLE align='center' border = '1' bgcolor = 'A7E3F6'><TH><strong>SEARCH RESULTS<strong></TH>");
echo("<TR><TD><strong>Name :<strong>\n$row2[first_name]\n$row2[last_name]</TD></TR>");
echo("<TR><TD><strong>Phone :<strong>\n$row2[phone_mobile]</TD></TR>");
echo("<TR><TD><strong>Postcode :<strong>\n$row2[postcode]</TD></TR>");
echo("<TR><TD><strong>Trade Type :<strong>\n$row2[trade_type]</TD></TR></TABLE>");
}
/*********************** If no matching records in my table...DISPLAY MESSAGE HERE ******************************/
if (mysql_num_rows($res2) == 0) {
echo ("<strong><br><br>No one is advertising for this area just yet, sorry.<br>We will have tradesmen advertising here very soon.</strong>");
}
//include ("db_close.php");
?>
First of all, don't pass variables you get from the user (_POST, _GET, ...) directly into database queries without escaping them (e.g. mysql_real_escape_string($_POST['name'])); this leads to massive security problems (SQL injection).
To assign a variable the value of another variable you simply use:
$value_tradeid = $row['trade_id'];
Variables don't need to be encapsulated as strings, but array keys should!
On the queries which don't work, why don't you escape the strings, like you have done in the others above?
$res2=mysql_query("SELECT first_name, last_name, phone_mobile, postcode, trade_type FROM customer WHERE area_id = '".$value_aid."' && trade_id = '".$value_tradeid."'");
You should also read about PDO and prepared statements.
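The PDO prepared-statement approach mentioned at the end of the answer, as an added example (not code from the question or the answer). Table and column names come from the question; the helper names `lookupId` and `findTradesmen`, the in-memory SQLite database and the sample rows are assumptions, constructed so the script runs offline.

```php
<?php
// Added example. Schema names follow the question; the SQLite in-memory
// database and the sample rows are constructed for illustration.
// For MySQL, use a DSN such as 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec("CREATE TABLE pc_test (area_id INTEGER, postcodes TEXT)");
$pdo->exec("CREATE TABLE trade (trade_id INTEGER, trade_type TEXT)");
$pdo->exec("CREATE TABLE customer (first_name TEXT, last_name TEXT, phone_mobile TEXT,
            postcode TEXT, trade_type TEXT, area_id INTEGER, trade_id INTEGER)");
$pdo->exec("INSERT INTO pc_test VALUES (7, 'AB1')");
$pdo->exec("INSERT INTO trade VALUES (3, 'plumber')");
$pdo->exec("INSERT INTO customer VALUES ('Ann', 'Lee', '0700 000000', 'AB1', 'plumber', 7, 3)");

// Look up one scalar value; the user input is bound, never concatenated.
// Assumes one area per postcode and one id per trade type (hypothetical helper).
function lookupId(PDO $pdo, string $sql, string $input) {
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$input]);
    return $stmt->fetchColumn();   // false when no row matches
}

function findTradesmen(PDO $pdo, string $postcode, string $tradeType): array {
    $areaId  = lookupId($pdo, 'SELECT area_id FROM pc_test WHERE postcodes = ?', $postcode);
    $tradeId = lookupId($pdo, 'SELECT trade_id FROM trade WHERE trade_type = ?', $tradeType);
    if ($areaId === false || $tradeId === false) {
        return [];                 // unknown postcode or trade: skip the third query
    }
    $stmt = $pdo->prepare('SELECT first_name, last_name, phone_mobile, postcode, trade_type
                           FROM customer WHERE area_id = :aid AND trade_id = :tid');
    $stmt->execute([':aid' => $areaId, ':tid' => $tradeId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In the question's page these would be $_POST['postcode'] and $_POST['trade_type'].
foreach (findTradesmen($pdo, 'AB1', 'plumber') as $r) {
    // Escape database values before writing them into HTML.
    echo htmlspecialchars("{$r['first_name']} {$r['last_name']} {$r['phone_mobile']}"), "\n";
}

// A value containing quotes is compared as a literal string, not parsed as SQL.
var_dump(findTradesmen($pdo, "AB1' OR '1'='1", 'plumber'));
```

Because the values are bound as parameters, no call to mysql_real_escape_string is needed and the quoting of `$value_aid` and `$value_tradeid` inside the SQL string stops being a concern.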