Home/ Questions/Q 3626664
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T23:47:28+00:00

As you can see, there’s probably no reason why it shouldn’t be working. I

  • 0

As you can see, there’s probably no reason why it shouldn’t be working. I don’t know what else I can do, any ideas? Any help is appreciated!

All I am trying to do, is view check if the value entered at the end of the url, matches one that is in the database (and yes, it IS in the database. 🙂
Thank you

The code:

<?php

$keyword = substr($_SERVER['REQUEST_URI'],11); 
    if($_REQUEST['action'] == "link")
    {
        $keyword = $_POST['keyword'];
        $link    = $_POST['link'];

        $connection =
               mysql_connect("my01..com","h","h") or die(mysql_error());

        if($connection)
        {
         mysql_select_db("mysql_17902_h", $connection);

         mysql_query(
                 "INSERT INTO mysql_17902_h.links (
                   link,
                   keyword) VALUES (
                    '".$link."',
                      '".$keyword."')") or die(mysql_error());

            $state = true;
        }
    }
    else
    {
        if(!empty($_POST))
        {
            print_r($keyword);
            $connection =
                   mysql_connect("my01.h.com","h","h") or die(mysql_error());


            if($connection)
            {


                mysql_select_db("mysql_17902_h") or die(mysql_error());
           $result = mysql_query("SELECT link FROM links WHERE keyword = $keyword")
           or die(mysql_error());

           $row = mysql_fetch_array($result);
               $outsy = $row['link'];

           }
           $state = true;
           }

    }
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try rewriting your code so it’s more legible:

    $link = mysql_real_escape_string($_POST['link']);
$keyword = mysql_real_escape_string($_POST['keyword']);

$sql = <<<EOL;
INSERT INTO mysql_17902_h.links (link, keyword)
VALUES ('$link', '$keyword')
EOL;

mysql_query($sql) or die(mysql_error());

    Note the use of mysql_real_escape_string() to prevent SQL injection attacks, and surrounding the variables with single quotes within the SQL string. You’ve neglected to do so here:

    $result = mysql_query("SELECT link FROM links WHERE keyword = $keyword") or ...
                                                              ^^^^^^^^

    No quotes around a text-type field is a syntax error. As well, at that point in the code, $keyword contains whatever the substr() call at the top of the script returned, so make sure that substr call actually does what you’re intending.

    • 0