This page has a variable (aucname2) passed to it, it should then use that as the value for the sql statement. But it keeps telling me that value is being used as the column and then of course telling me that column doesn't exist
<?php
$auc = $_GET['aucname2'];
$db_name = "auctionfinal";
$table_name = "auctions";
$connection = @mysql_connect("auctionfinal.db.6084638.hostedresource.com","xxxxx", "xxxxx") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE `aucname` = $auc";
$result = @mysql_query($sql, $connection) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_array($result)) {
$aucname3 = $row['aucname'];
$seller = $row['seller'];
$price = $row['price'];
$start = $row['start'];
$end = $row['end'];
$nbids = $row['nbids'];
$category = $row['category'];
$link = "pagename.php?aucname=$aucname";
$display_block = "Auction Name - $aucname3
Seller - $seller
Price - $price
Start Date - $start </br>
End Date - $end
# bids - $nbids
Category - $category
<p> ------------------ </p>";
}
echo "$display_block";
}
?>
Change this line:
$sql = "SELECT * FROM $table_name WHERE aucname = $auc";
to
$sql = "SELECT * FROM $table_name WHERE aucname = '$auc'";
Since $auc
is a string, it needs to be enclosed in quotes, otherwise MySQL will try to look for the value of that variable as a column name.
Also, you should probably use mysql_real_escape_string()
on $auc
first because otherwise you will be vulnerable to SQL injection.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.