Results 1 to 3 of 3
Thread: Struggling with a For Each Loop
Sep 5, 2011, 08:32 #1
- Join Date
- Sep 2011
- 0 Post(s)
- 0 Thread(s)
Struggling with a For Each Loop
ok so I am having a bit of a dilema - I am trying to build a list of Primary Categories and Secondary categories sitting underneath the relevant Primary.
- High Heels
- Gym Shoes
It has all gone ok I have built the list of Primary categories (the query for which lives in a controller file else where that calls in the file I am about to show).
This is the page that the code generates Search although currently has an echo of the query in it.
#2486457 - Pastie
My problem is (I think) - that this query does not seem to work.
$secresult = mysqli_query($link, "SELECT secondarytubes.categoryname FROM secondarytubes INNER JOIN primarytubes ON primaryid = primarytubes.id WHERE primaryid = '$primaryCatid' ");
I personally think it is the $primaryCatid at the end as if I change this to a numerical value to represent an id eg. 1 and run it through my database directly it all works.
Anyway been on with this almost all day and stuck.
Sep 5, 2011, 08:46 #2
- Join Date
- Jul 2005
- West Springfield, Massachusetts
- 146 Post(s)
- 1 Thread(s)
If $primaryCatid is numeric, why is it inside quotes?
Sep 5, 2011, 14:37 #3
- Join Date
- Aug 2008
- The Netherlands
- 136 Post(s)
- 2 Thread(s)
MySQL :: MySQL 5.5 Reference Manual :: 5.3.1 General Security Guidelines
A common mistake is to protect only string data values. Remember to check numeric data as well. If an application generates a query such as SELECT * FROM table WHERE ID=234 when a user enters the value 234, the user can enter the value 234 OR 1=1 to cause the application to generate the query SELECT * FROM table WHERE ID=234 OR 1=1. As a result, the server retrieves every row in the table. This exposes every row and causes excessive server load. The simplest way to protect from this type of attack is to use single quotation marks around the numeric constants: SELECT * FROM table WHERE ID='234'. If the user enters extra information, it all becomes part of the string. In a numeric context, MySQL automatically converts this string to a number and strips any trailing nonnumeric characters from it.
Anyway, are you sure $primaryCatid has a value, i.e. have you tried
Rémon - Hosting Advisor
Minimal Bookmarks Tree
My Google Chrome extension: browsing bookmarks made easy