Question PHP

  • psilvaj_12
  • Newbie
  • Newbie
  • psilvaj_12
  • Posts: 9

Post 3+ Months Ago

Hi,

I'm a beginner in the PHP world. I am trying to make a page and wanted to do something that I do not find in my research.
I have a variable that is entered by the user ($IF)and then have to go see a table which describes the result.
Can I have this variable in a database and their description and when the variable is generated the description appear? Otherwise I'll have to put the whole table.

How can I do this, please.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • steve101
  • Beginner
  • Beginner
  • steve101
  • Posts: 35

Post 3+ Months Ago

Where is it entered? A form?

If so, you would have something like this..

PHP Code: [ Select ]
$if=$_POST["formfield"] //Set $if = whatever the user enters
$query=mysql_query("SELECT description FROM table WHERE field='$if'");
//Get Result From the database
$result=mysql_fetch_array($query);
//Show the field result - description
echo $result[0];
 
  1. $if=$_POST["formfield"] //Set $if = whatever the user enters
  2. $query=mysql_query("SELECT description FROM table WHERE field='$if'");
  3. //Get Result From the database
  4. $result=mysql_fetch_array($query);
  5. //Show the field result - description
  6. echo $result[0];
  7.  
  • spork
  • Brewmaster
  • Silver Member
  • User avatar
  • Posts: 6252
  • Loc: Seattle, WA

Post 3+ Months Ago

Steve, what happens when someone submits the following text in the form field:

Code: [ Select ]
'; DROP TABLE `table`;--


Always sanitize inputs first.

PHP Code: [ Select ]
mysql_real_escape_string($if);

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 126 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.