
How to fix this MySql select problem?

$_GET['id'] = $id1;
$result = mysql_query("SELECT * FROM example WHERE id = '$id1'");
while ($row = mysql_fetch_array($result)) {
   //some code
}

Why isn't this code working? It doesn't obey the id='$id2' bit. It gets everything from table example.

How can I fix it?


The example table contains id,text,time rows. The file name is example.php?id=1.


Shouldn't that be $id1 = $_GET['id']?

But you should watch out because your code is vulnerable to an SQL injection attack; someone could request a crafted URL like example.php?'; delete from example;


Is $_GET['id'] = $id1; supposed to be $id1 = mysql_real_escape_string($_GET['id']);?


Will this work for you? It's been a long time since I last used PHP...

$id1 = $_GET['id']; 
$result = mysql_query("SELECT * FROM example WHERE id = '$id1'"); 
while($row = mysql_fetch_array($result)) 
{ 
    //some code 
}


  • Did you mean $id1 = $_GET['id'];?
  • Where did you protect yourself from SQL injection?
  • Why is all your code on one line?
  • Please don't write signatures/thanks in your posts.


If id is a numeric field on your table, try removing quotes:

"select * from example where id = $id1"

And of course:

$_GET['id'] = $id1;

Should be:

$id1 = $_GET['id'];


Shouldn't it be $id1 = $_GET['id']; instead of $_GET['id'] = $id1;?


$id1 = $_GET['id'];
$id1 = (int)$id1;
$result = mysql_query("SELECT * FROM example WHERE id = $id1 "); 

Try not to use *.

Try calling the fields by their real names, like tablename.user_name, tablename.user_login
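
Added example, not part of any answer above: the fixes suggested in this thread (assign from $_GET['id'] instead of to it, treat the id as an integer, name the columns) combined with a bound parameter so the request value never becomes part of the SQL text. The helper fetchExampleById is hypothetical, and an in-memory SQLite database is assumed as a stand-in for the MySQL server so the script runs on its own.

```php
<?php
// Added example. Assumption: an in-memory SQLite database stands in for the
// MySQL server so the script runs offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE example (id INTEGER PRIMARY KEY, text TEXT, time TEXT)');
$pdo->exec("INSERT INTO example (id, text, time) VALUES
    (1, 'first', '2011-01-01'), (2, 'second', '2011-01-02')"); // constructed rows

/**
 * Hypothetical helper: return the rows whose id equals the request value.
 * $rawId is whatever arrived in $_GET['id'] (a string, or null if absent).
 */
function fetchExampleById(PDO $pdo, $rawId): array
{
    // Accept only a plain positive integer; anything else never reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    // The value is bound as a parameter, not concatenated into the SQL string.
    $stmt = $pdo->prepare('SELECT id, text, time FROM example WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, a missing parameter, and two crafted strings.
$samples = ['1', null, "1' OR '1'='1", "'; delete from example;"];
foreach ($samples as $raw) {
    $rows = fetchExampleById($pdo, $raw); // in example.php: $_GET['id'] ?? null
    printf("%-28s -> %d row(s)\n", var_export($raw, true), count($rows));
}

// The table is untouched after the crafted requests.
$total = (int) $pdo->query('SELECT COUNT(*) FROM example')->fetchColumn();
printf("rows left in example: %d\n", $total);
```

The mysql_* functions used throughout this thread were removed in PHP 7, so PDO (or mysqli) with prepared statements is also the form that still runs on current PHP.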
