Hi all, I'm having issues with this returned function. I can get it to
delete a database but I really want it to grab the stateSelect
extension and grab all the cities related to that state. I wanted to
contain this on one page instead of going over multiple pages, which I
can do. Sorry if this doesn't make much sense, I'm a newbie. Below is
the code. The isset($_GET is where I have the issues. Any help would
be appreciated.


    $dbcnx = @mysql_connect('localhost', 'root', '');
    if (!$dbcnx) {
      die( '<p>Unable to connect to the ' .
           'database server at this time.</p>' );
    }
    // Select the hotel database
    if (! @mysql_select_db('uniguest') ) {
      die( '<p>Unable to locate the Hotel List ' .
           'database at this time.</p>' );
    }

    $result = @mysql_query('SELECT DISTINCT state FROM hotelList ORDER by
    if (!$result) {
      die('<p>Error performing query: ' .
          mysql_error() . '</p>');
    }
    while ( $row = mysql_fetch_array($result) ) {
      echo(' | <a href="' . $_SERVER['PHP_SELF'] . '?stateSelect=' .
           $row['state'] . '">' . $row['state'] . '</a>');
    }

    // Select the hotel database
    if (! @mysql_select_db('uniguest') ) {
      die( '<p>Unable to locate the Hotel List ' .
           'database at this time.</p>' );
    }

    if (isset($_GET['stateSelect'])) {
      $state2 = $_GET['stateSelect'];
      $query = mysql_query("SELECT * FROM hotelList WHERE state='$state2' ORDER by name")
        or die (mysql_error());
      $name = $row['name'];
    } else {
      echo('<p>Error: ' .
           mysql_error() . '</p>');
    }


Re: $_server[php_self]

Mikey P:
First off, I wanted to suggest you do some reading on PHP security, as
your application falls victim to an input validation failure. Anytime
you get data from a user, i.e. $_GET, $_POST, $_COOKIE, $_REQUEST,
$_SERVER, you need to check that the data you are getting is right...
Read the PHP Security Guide: http://phpsec.org/projects/guide/

Also, your code is quite ugly... Work on formatting and not hiding
errors. Fix them first; don't hide them. In production you should log
your errors instead of allowing them to be displayed to the browser.
Also, you only need to select the database once, and you should reuse
variables when it makes sense to.

When inserting data into MySQL, use mysql_real_escape_string.

Now onto fixing your code:

Mike Willbanks
Zend Certified Engineer
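
An added example, not code from either post: the same state-to-hotel listing with the checks the reply asks for (allowlist validation of `stateSelect`, no user data in the SQL text, HTML escaping on output). It assumes PDO with an in-memory SQLite database and constructed rows in place of the thread's MySQL database, uses prepared statements rather than `mysql_real_escape_string` because the `mysql_*` extension was removed in PHP 7, and the function names `h`, `knownStates`, `hotelsForState` and `render` are hypothetical.

```php
<?php
// Added example: constructed rows in in-memory SQLite stand in for the MySQL 'uniguest' database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hotelList (name TEXT, state TEXT)');
$seed = $db->prepare('INSERT INTO hotelList (name, state) VALUES (?, ?)');
foreach ([['Harbor Inn', 'CA'], ['Lakeside <b>Lodge</b>', 'MN'], ["O'Hare Suites", 'IL']] as $r) {
    $seed->execute($r);
}

// Escape every value written into HTML, including attribute values.
function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// Allowlist: the only acceptable stateSelect values are states present in the table.
function knownStates(PDO $db): array {
    return $db->query('SELECT DISTINCT state FROM hotelList ORDER BY state')->fetchAll(PDO::FETCH_COLUMN);
}

// Return hotel names for a state, or null when the input is not on the allowlist.
function hotelsForState(PDO $db, $input): ?array {
    if (!is_string($input) || !in_array($input, knownStates($db), true)) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT name FROM hotelList WHERE state = ? ORDER BY name');
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function render(PDO $db, array $get): string {
    $html = '';
    foreach (knownStates($db) as $state) {
        // Fixed relative link instead of echoing $_SERVER['PHP_SELF'] into the page.
        $html .= ' | <a href="?stateSelect=' . h(rawurlencode($state)) . '">' . h($state) . '</a>';
    }
    if (isset($get['stateSelect'])) {
        $hotels = hotelsForState($db, $get['stateSelect']);
        if ($hotels === null) {
            return $html . '<p>Unknown state.</p>';
        }
        foreach ($hotels as $name) {
            $html .= '<p>' . h($name) . '</p>';   // fetch and print every row
        }
    }
    return $html;
}

echo render($db, $_GET), "\n";                      // web request, or empty on the CLI
echo render($db, ['stateSelect' => 'MN']), "\n";    // valid state: name is HTML-escaped
echo render($db, ['stateSelect' => "CA'"]), "\n";   // constructed malformed value: rejected
```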
