redbishop — 2013-09-10T09:34:25-04:00 — #1
I have a query which retrieves information from 2 tables. My WHERE statement receives its value from a URL on another page:
WHERE fname = '$name' ";
Instead of using a primary key (e.g., name_id = 1) in my query and URL, I've used another column's name – fname, in order to make the URL easier to read. The problem however, is that by using a column that's not a primary key, I'm unable to a access the specific rows in my “child” table (primary - foreign key relationship).
So, should I rather use 2 key-value pairs in my query and URL, instead of what I'm currently doing?
WHERE fname = '$name' && name_id='$nameid'”;
Or is there a simpler way or perhaps I'm missing something?
Please let me know.
Thanks in advance!
r937 — 2013-09-10T11:08:47-04:00 — #2
no idea if there's a simpler way, as you haven't really shown us your table layouts
but yes, using two WHERE conditions will solve it
p.s. don't use &&, use AND instead
redbishop — 2013-09-10T14:58:08-04:00 — #3
thank you for your help.
I think I solved the problem by adding USING (column name) to the query.
spacephoenix — 2013-09-10T15:09:44-04:00 — #4
Is the value being sanitized? if it isn't you leave your app vulnerable to an SQL Injection attack. This page from the PHP Manual explains what an SQL Injection Attack is.
r937 — 2013-09-10T15:14:31-04:00 — #5
please show your actual query