0


I need to join two columns from my database, and filter by postID so that I can use URL parameter postid. The code below doesn't work, but I don't know how to change it. Suggestions?

$colname_join = "-1";
if (isset($_GET['postID'])) {
  $colname_join = $_GET['postID'];
}

mysql_select_db($database_connection, $connection);
$query_join = sprintf("SELECT * FROM image inner join post on post.postimage = image.imagename WHERE postID = %s", GetSQLValueString($colname_join, "int"));
$join = mysql_query($query_join, $connection) or die(mysql_error());
$row_join = mysql_fetch_assoc($join);
$totalRows_join = mysql_num_rows($join);
dirigibleplum

3 Answers

0
// Build the query by concatenating the sanitized integer value
$sql  = "SELECT *
        FROM image
        INNER JOIN post ON post.postimage = image.imagename
        WHERE postID = " . GetSQLValueString($colname_join, "int");
underscore
0

I think you may want to read that article: How can I prevent SQL injection in PHP?

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');

$stmt->execute(array('name' => $name));

foreach ($stmt as $row) {
    // do something with $row
}

The selected answer shows you how to make a query with variable parts that is safe from SQL injection.

Community
David Khuu
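
The prepared-statement approach from this answer applied to the question's join, as an added example that is not part of the original posts. It assumes post.postID is an integer key column and uses a constructed in-memory SQLite database (with made-up title and path columns) so it runs stand-alone; the helper name fetchPostWithImage is hypothetical.

```php
<?php
// Added example: the question's join as a PDO prepared statement.
// Assumptions: SQLite in memory stands in for the MySQL database; the
// table layouts and rows below are constructed; post.postID is assumed
// to be the integer key column.

function fetchPostWithImage(PDO $pdo, $rawPostId): ?array
{
    // Accept only a positive integer; anything else is rejected before SQL.
    $postId = filter_var($rawPostId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        return null;
    }

    $stmt = $pdo->prepare(
        'SELECT post.postID, post.title, image.imagename, image.path
           FROM image
          INNER JOIN post ON post.postimage = image.imagename
          WHERE post.postID = :postID'
    );
    // The value is bound as a typed parameter, never spliced into the SQL text.
    $stmt->bindValue(':postID', $postId, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE image (imagename TEXT PRIMARY KEY, path TEXT)');
$pdo->exec('CREATE TABLE post (postID INTEGER PRIMARY KEY, title TEXT, postimage TEXT)');
$pdo->exec("INSERT INTO image VALUES ('cat.jpg', '/img/cat.jpg'), ('dog.jpg', '/img/dog.jpg')");
$pdo->exec("INSERT INTO post VALUES (1, 'Cats', 'cat.jpg'), (2, 'Dogs', 'dog.jpg')");

// Stand-ins for $_GET['postID']: a valid id, an unknown id, non-integer input, a missing value.
foreach (['2', '99', '2 OR 1=1', null] as $input) {
    $row = fetchPostWithImage($pdo, $input);
    echo var_export($input, true), ' => ',
        $row === null ? 'no row' : json_encode($row), PHP_EOL;
}
```

Qualifying the column as post.postID also makes a wrong column name fail with a clear PDO exception instead of a silent empty result.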
0

I believe you have the wrong column name postID in the SQL query:

$query_join = sprintf("SELECT * FROM image inner join post on post.postimage = image.imagename WHERE postID = %s", GetSQLValueString($colname_join, "int"));

Change it to the right column name that is present in the table post; for example, if it's the post.id column:

$query_join = sprintf("SELECT * FROM image inner join post on post.postimage = image.imagename WHERE post.id = %s", GetSQLValueString($colname_join, "int"));
Kos