Problem with SELECT

on 26.10.2006 17:19:36 by bokke

Hi,

I have a page with a link

?>">

that goes to a page with a SELECT

$query = "SELECT * FROM news WHERE writer='$SubCat' ";

But it is not pulling any data from the database. If I do this
$query = "SELECT * FROM news WHERE writer='Bob Smith' ";
works great??

also
the URL reads -
Contributor.php?action=&SubCat=Bob%20Smith
so I know the link is correct ....

but for the life of me I can't figure out what's wrong with the SELECT
statement?

If anyone can help me with this I would be forever in your debt.

Thanks

here is the complete Contributor.php script.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

paper

News

<?php
$query = "SELECT * FROM news WHERE writer='$SubCat' ";
$result = mysql_query($query)
or die ("no can do.");
while($row = mysql_fetch_array($result))
{
?>
<!-- per-row HTML output (the markup was not preserved in the post) -->
<?php
}
?>

Issue:

<?php
$abc = $row["article"];
$abc = substr($abc, 0, 400);
echo $abc;
?>
......

Re: Problem with SELECT

on 26.10.2006 18:07:31 by Markus Ernst

bokke wrote:
> Hi,
>
> I have a page with a link
>
> > ?>">
>
> that goes to a page with a SELECT
>
> $query = "SELECT * FROM news WHERE writer='$SubCat' ";

You are sure register_globals is on? Anyway it is recommended to use
$_GET['SubCat'].

> But it is not pulling any data from the database. If I do this
> $query = "SELECT * FROM news WHERE writer='Bob Smith' ";
> works great??
>
> also
> the URL reads -
> Contributor.php?action=&SubCat=Bob%20Smith

So you have one record with 'Bob Smith' and another one with 'Bob%20Smith'?

Some recommendations:
- use urlencode() and urldecode() if you send GET data that could
contain any characters beyond a-z, A-Z and 0-9
- always pre-process transmitted data before putting them into the
database; also google for "SQL injection" and "E-mail injection"
- regarding your HTML, use validator.w3.org to check it, and don't use a
strict XHTML doctype if you don't write strict XHTML.
- regarding posting, your message appears as a reply to an old thread in
my newsreader - was that your intention?

--
Markus
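The lookup done the way Markus recommends, as an added example that is not code from the thread: SubCat is read from $_GET and bound with a mysqli prepared statement instead of being interpolated into the SQL string. The connection details are placeholders, and the `news` table with `writer` and `article` columns is assumed from the posted Contributor.php.

```php
<?php
// Added example, not the original poster's script: the same lookup with the
// parameter read from $_GET and bound with a mysqli prepared statement.
// Connection details are placeholders; the `news` table with `writer` and
// `article` columns is assumed from the posted Contributor.php.

$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
if ($db->connect_errno) {
    die('database connection failed');
}

// Read the value explicitly instead of relying on register_globals.
// PHP percent-decodes the query string when it builds $_GET, so
// ?SubCat=Bob%20Smith arrives here as "Bob Smith".
$subCat = isset($_GET['SubCat']) ? $_GET['SubCat'] : '';
if ($subCat === '' || strlen($subCat) > 100) {
    die('missing or invalid SubCat');
}

// The thread's version interpolates the raw value into the SQL text:
//   $query = "SELECT * FROM news WHERE writer='$SubCat' ";
// so a quote character in SubCat changes the statement itself. With a
// bound parameter the value travels separately from the SQL and is only
// ever treated as data, whatever characters it contains.
$stmt = $db->prepare('SELECT article FROM news WHERE writer = ?');
if ($stmt === false) {
    die('prepare failed: ' . $db->error);
}
$stmt->bind_param('s', $subCat);
$stmt->execute();
$stmt->bind_result($article);

while ($stmt->fetch()) {
    // Truncate as the original did, then escape so article text cannot
    // inject markup or script into the rendered page.
    $excerpt = substr($article, 0, 400);
    echo htmlspecialchars($excerpt, ENT_QUOTES, 'UTF-8') . "......\n";
}

$stmt->close();
$db->close();
```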

Re: Problem with SELECT

on 26.10.2006 18:17:05 by bokke

Markus Ernst wrote:
> bokke wrote:
> > Hi,
> >
> > I have a page with a link
> >
> > > > ?>">
> >
> > that goes to a page with a SELECT
> >
> > $query = "SELECT * FROM news WHERE writer='$SubCat' ";
>
> You are sure register_globals is on? Anyway it is recommended to use
> $_GET['SubCat'].
>
> > But it is not pulling any data from the database. If I do this
> > $query = "SELECT * FROM news WHERE writer='Bob Smith' ";
> > works great??
> >
> > also
> > the URL reads -
> > Contributor.php?action=&SubCat=Bob%20Smith
>
> So you have one record with 'Bob Smith' and another one with 'Bob%20Smith'?
>
> Some recommendations:
> - use urlencode() and urldecode() if you send GET data that could
> contain any characters beyond a-z, A-Z and 0-9
> - always pre-process transmitted data before putting them into the
> database; also google for "SQL injection" and "E-mail injection"
> - regarding your HTML, use validator.w3.org to check it, and don't use a
> strict XHTML doctype if you don't write strict XHTML.
> - regarding posting, your message appears as a reply to an old thread in
> my newsreader - was that your intention?
>
> --
> Markus

Sorry - that was not my intention ...
as to your question - I only have a 'Bob Smith' but when the PHP looks
for it - it places %20 instead of the spaces I believe.

as to your other points - I'm looking them up as we speak.

thanks