Perform below MySQL query, after that you can fetch each record as an array using PHP functions such as mysql_fetch_array (in numeric form or field name as key)
Thanks but it is not exactly clear on how to retrieve thread_id and forum_id.
Let's say I want to make the variable $threadid = the thread_id in the database and the $forumid = the forum_id in the database, how can I do this?
Sorry I never used MySQL before.
$result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id='POST ID HERE'"));
$result[TABLE HEAD] = CELL DATA
$result[forum_id] = forum id
$result[thread_id] = thread id
Thank you very much I have now completed my feature on my forum.
This explains a lot to me how MySQL works as well so thanks
don't forget to use mysql_real_escape_string() for any string variables you might put into your query.
"SELECT * FROM `database` WHERE `whatever` = '.mysql_real_escape_string($string_variable).'" A failure to follow this very important habit will cause your scripts to be open to mysql injection attacks. (i.e. I could slip a delete query inside of your select query if you didn't escape it.) What I'm saying is, get into the habit now.
This is only for strings though, for integers you should be safe doing (int)$id or int_val($id) within your query.
Oh, so for reals I have to do this:
Am I right?
generally here's what I have for a query like that:
I'm not sure if it's actually necessary, but in my mind it sits as a good habit. (int) set the variable type to integer, so no string injection can be done. Also remember that in php you shouldn't call a variable inside a string, and you can't call a function inside a string. You should break the string and "add" (.) it.
in other words (using your example):
Wrong: $result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id=intval($Post_ID)"));
Right: $result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id=".intval($Post_ID)));
Also to be noted: I was incorrect it's intval() not int_val()
The mysql_ functions are actually outdated. You should almost always use PDO instead, because it abstracts the actual database used making your code portable, and properly escapes input data.
I appreciate the advice though I stick with this as I finally know how it works
Thanks, I have applied all you said. It works flawless and is probably safe.
I am using these features more often now to create a lot more functions. All based around the things I learned in this thread