I am trying to make a team name shown from a URL, pulling information from my database regarding that team.

```php
<?php
// Look up the team named in the request; $mysqli is an already-open mysqli connection.
$query = "select * from teams where name='" . $mysqli->real_escape_string($_REQUEST['name']) . "'";

$result = $mysqli->query($query);
$row = $result->fetch_assoc();

// Copy the columns of the matching row into page variables.
$id   = $row['id'];
$name = $row['name'];
$lon  = $row['lon'];
$lat  = $row['lat'];
$distance = $row['distance'];
$postcode = $row['postcode'];
$phone    = $row['phone'];
?>
```

This worked fine until I put a second team name in the database, and now all pages show that name.

The URL is http://domain.com/team.php?name=Test%20TeamA

and it's showing Test TeamB and not the required one above.

I have checked this on 2 PCs just to make sure it's not something wrong with the form I used to put the data into my database or any values hanging about in my browser.

Why is this doing it?


SQL DUMP

```sql
--
-- Table structure for table `teams`
--

CREATE TABLE IF NOT EXISTS `teams` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(20) NOT NULL,
  `lat` varchar(32) NOT NULL,
  `lon` varchar(32) NOT NULL,
  `distance` varchar(20) NOT NULL,
  `postcode` varchar(20) NOT NULL,
  `phone` varchar(20) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `teams`
--

INSERT INTO `teams` (`id`, `name`, `lat`, `lon`, `distance`, `postcode`, `phone`) VALUES
(1, 'Test TeamA', '52.483038', '0.178962', '12.9', 'PE15 0JJ', ''),
(3, 'Test TeamB', '52.45645', '0.823423', '12', '', '01231223');
```

Rick Skeels

  • What do you see if you `echo $query;`? – Nick Coons Feb 03 '14 at 15:10
  • Try echoing `$_REQUEST['name']`. Why not use `$_GET` or `$_POST`, depending on which method your form is using? The [difference](http://stackoverflow.com/questions/1924939/php-request-vs-get-and-post) – Matthew Johnson Feb 03 '14 at 15:11
  • `select name, id from teams ORDER BY name ASC` @NickCoons – Rick Skeels Feb 03 '14 at 15:11
  • @Rick Nash why does that query have no `WHERE` clause? It looks like it's selecting all rows, and then you're only fetching the first. – Jeff Lambert Feb 03 '14 at 15:12
  • Can you provide a dump of your table? – Johni Feb 03 '14 at 15:13
  • As an aside, please look up PDO and use prepared statements when interacting with a database. A single forgotten `mysql_real_escape_string` and your website is blown open by hackers. – Phylogenesis Feb 03 '14 at 15:17
  • @RickNash The query that you provided doesn't match at all with your `$query` variable in your question. – Nick Coons Feb 03 '14 at 15:18
  • @Phylogenesis thanks, I will look into that :). This is a learning project for me. – Rick Skeels Feb 03 '14 at 15:19
  • @NickCoons yes, I have searched for that query and it's not on the page at all :( It must be somewhere on here though, right? – Rick Skeels Feb 03 '14 at 15:20
  • @RickNash Did you post all of the code for the page? Is there anything missing? Any includes? Where did you put the `echo $query`? – Nick Coons Feb 03 '14 at 15:21
  • I have deleted all other PHP from the page and it still happened, but found the issue: I was including a test page and that had the error. – Rick Skeels Feb 03 '14 at 15:24

1 Answer

This is not the ideal answer for a question like this, but please see all the replies under my question.

In my case it was an error on another page that I was including on my page.

My best advice is to do what Nick Coons had commented:

```php
echo $query;
```

to see the query that is being used. Then strip all your page down to eliminate the issue.

Rick Skeels
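
An added example (not code from the question or the answer): the same lookup written with a PDO prepared statement, as the comment about PDO suggests, and wrapped in a function so that a query in an included file cannot overwrite `$query`, `$result` or `$row`. It assumes PDO with the SQLite driver as an offline stand-in for the MySQL table; `find_team()`, the reduced column set and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL `teams` table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE teams (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE, postcode TEXT, phone TEXT)');
// Constructed rows, a subset of the columns in the dump above.
$pdo->exec("INSERT INTO teams (id, name, postcode, phone) VALUES
    (1, 'Test TeamA', 'PE15 0JJ', ''),
    (3, 'Test TeamB', '', '01231223')");

/**
 * Hypothetical helper: fetch one team by exact name, or null if none matches.
 * The statement and row are local variables, so globals set by an included
 * file cannot replace them, and the name is bound as data, never as SQL text.
 */
function find_team(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, name, postcode, phone FROM teams WHERE name = :name'
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Stand-in for the included test page: it reuses the same global names
// with a query that has no WHERE clause.
$query  = 'select name, id from teams ORDER BY name ASC';
$result = $pdo->query($query);
$row    = $result->fetch(PDO::FETCH_ASSOC);

// Constructed request values, including one with a quote and one with no match.
$inputs = ['Test TeamA', 'Test TeamB', "Test Team'C", 'No Such Team'];
foreach ($inputs as $name) {
    $team  = find_team($pdo, $name);
    $label = htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); // escape before output
    if ($team === null) {
        // On a real page this is where a 404 response would be sent.
        echo "$label -> not found\n";
    } else {
        echo "$label -> id {$team['id']}, phone '{$team['phone']}'\n";
    }
}
```

The globals clobbered by the simulated include do not affect `find_team()`, and a request for a name that is not in the table yields `null` instead of another team's row.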