
So, I am trying to display the value of movie_id using the movie name, by getting the name from a textblock (HTML). But the page displayed is blank, and if I add a name manually in the query, e.g. name="skyfall" instead of the variable, the result is displayed.

include './connection.php';

$movie_tf=$_POST['movie_tf'];

$getMovieIdQuery="SELECT movie_id FROM MOVIE WHERE name='$movie_tf'";
$query=  mysql_query($getMovieIdQuery);

if (!$query){
    echo 'error' .  mysql_error($dbconn);
}

$getMovieIdQueryFetchRow=  mysql_fetch_row($query);
echo $getMovieIdQueryFetchRow[0];

mysql_close($dbconn);

HTML form:

<form action="operations.php" method="GET">
    Movie:<input type="text" name="movie_tf"/> <br/>
    <input type="submit" value="submit"/>
</form>
  • well something obviously failed, some unknown force Commented Mar 8, 2016 at 21:36
  • You should use prepared statements (php.net/manual/en/pdo.prepared-statements.php) to prevent SQL injection. Anyway. What is displayed in your browser console (or log file) ? Commented Mar 8, 2016 at 21:37
  • Just a SQL deprecated warning is displayed. But it does display the wanted result when I add a name of the movie manually instead of the variable. Is my query syntax correct with the variable? @Seblor Commented Mar 8, 2016 at 21:40
  • If you're getting the deprecated notice you should learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy. Commented Mar 8, 2016 at 21:42
  • ^ the unknown force Commented Mar 8, 2016 at 21:46

1 Answer

You're using method="GET" for your form and then a POST array, $_POST['movie_tf'].

Either use method="post"

or $_GET['movie_tf']; the choice is yours.

  • Both the method and array type must match.

And strangely enough, you would not have gotten errors for it either.

  • I learned that lesson the hard way once.

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.


3 Comments

bingo! #unknownForce
@NelsonJohn hehe yeah... that was the missing link ;-) Cheers
@NelsonJohn Cheers :-)
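
The two fixes from the answer combined, as an added example that is not code from the question or the answer: the handler reads movie_tf from the request array that matches the form's method and binds it in a PDO prepared statement. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL connection in connection.php, and the function names are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite replaces the MySQL
// connection from connection.php so the script runs offline.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE MOVIE (movie_id INTEGER PRIMARY KEY, name TEXT)');
    // Constructed sample rows; one name contains a single quote.
    $insert = $pdo->prepare('INSERT INTO MOVIE (movie_id, name) VALUES (?, ?)');
    $insert->execute([7, 'skyfall']);
    $insert->execute([8, "Ocean's Eleven"]);
    return $pdo;
}

// Looks up movie_id for the submitted name. $input is the request array
// matching the form's method: $_GET for method="GET", $_POST for "post".
function findMovieId(PDO $pdo, array $input): ?int
{
    // A missing key is the symptom from the question: the form sent
    // movie_tf in the query string while the script read $_POST.
    // is_string also rejects array input such as movie_tf[]=x.
    if (!isset($input['movie_tf']) || !is_string($input['movie_tf'])) {
        throw new InvalidArgumentException('movie_tf was not submitted');
    }
    // The value is bound as a parameter, never concatenated into the SQL,
    // so a quote in the name stays data instead of ending the literal.
    $stmt = $pdo->prepare('SELECT movie_id FROM MOVIE WHERE name = :name');
    $stmt->execute([':name' => trim($input['movie_tf'])]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$pdo = openDemoDb();
// Constructed requests standing in for $_GET / $_POST contents.
$samples = [
    ['movie_tf' => 'skyfall'],
    ['movie_tf' => "Ocean's Eleven"], // would break name='$movie_tf'
    ['movie_tf' => 'unknown title'],
    [], // what $_POST holds when the form uses method="GET"
];
foreach ($samples as $request) {
    try {
        $id = findMovieId($pdo, $request);
        echo $id === null ? "no match\n" : "movie_id: $id\n";
    } catch (InvalidArgumentException $e) {
        echo 'error: ' . $e->getMessage() . "\n";
    }
}
```

In a real handler, pass $_GET (or $_POST after changing the form to method="post") as $input, and escape the result with htmlspecialchars() before echoing it into HTML.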
