I have the following code created by someone else, and though it seems like the variables are passed, nothing is returning in the results set; The page: http://www.libraries.uc.edu/research/subject_resources/art/db/index.php... then do a search. Here is the code on the results page below (edited slightly for length). I have a feeling it's quotes and such, but have been overlooking something!
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
if (isset($_GET['stval'])) {
$stval_Recordset1 = (get_magic_quotes_gpc()) ? $_Get['stval'] : addslashes($_Get['stval']);
}
if (isset($_GET['stval'])) {
$stval_Recordset1 = $_GET['stval'];
}
if (isset($_GET['sq'])) {
$sq_Recordset1 = $_GET['sq'];
}
mysql_select_db($database_daap_photo, $daap_photo);
$query_Recordset1 = sprintf("SELECT * FROM main WHERE %s = %s ", GetSQLValueString($stval_Recordset1, "text"),GetSQLValueString($sq_Recordset1, "text"));
$Recordset1 = mysql_query($query_limit_Recordset1, $daap_photo) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
?>
then in the body:
<?php print_r($_GET);
if(isset($_GET["stval"])) echo "stval is set\n";
if(isset($_GET["sq"])) echo "sq is set\n";
?>
<table width="100%" border="0" cellpadding="2" cellspacing="2">
<tr bgcolor="#CCCCCC">
<td colspan="4" bgcolor="#FFFFFF"><h1>Art</h1>
<h2>Photography Images Slide Collection -Search Results </h2>
<p align="left" class="style1">Your search returned <strong></strong> records.<br />
|<br />
</p>
<p align="left" class="style1">Your search returned no results. Please
use your browsers back button to search again. </p>
<p> First | Previous | Next | Last<br />
<br />
</p></td>
<td bgcolor="#FFFFFF"> </td>
</tr>
<tr bgcolor="#CCCCCC">
<td bgcolor="#CCCCCC"><p><strong>Last Name </strong></p>
</td>
<td bgcolor="#CCCCCC"><strong>First Name </strong></td>
<td bgcolor="#CCCCCC"><strong>Dates</strong></td>
<td bgcolor="#FFFFFF"> </td>
<td bgcolor="#FFFFFF"> </td>
</tr>
<tr bgcolor="#CCCCCC">
<td bgcolor="#FFFFFF"> </td>
<开发者_如何学JAVAtd><strong>Nationality</strong></td>
<td><strong>Subject</strong></td>
<td><strong>Quantity</strong></td>
<td><strong>Media</strong></td>
</tr>
<?php do { ?>
<tr>
<td class="bold"><?php echo $row_Recordset1['LAST_NAME']; ?></td>
<td><?php echo $row_Recordset1['FIRST_NAME']; ?></td>
<td><?php echo $row_Recordset1['DATES']; ?></td>
<td> </td>
<td> </td>
</tr>
etc....
Thanks!
Try to change query to
SELECT * FROM main WHERE %s = '%s'
精彩评论