-4

In my case ... one variable is coming from another page through a GET variable, and I have to compare this with an existing variable of my choice, but my technique is not working. Help me if someone can. I want to compare coming get variable with nursery.. but when I try this could not ... Thanks in advance.

<?php
include('config.php');
  $results =@$_GET['results'];

  $id =$_GET['id'];

 if ($results=="Nursery")
{
$qqqs = mysql_query("select * from result where u_id='$id'   sc='Nursery' ");

$rows=mysql_fetch_assoc($qqqs);
$a=$rows['u_id'];
$b=$rows['name'];
$c=$rows['fname'];
$d=$rows['reg'];
$e=$rows['sc'];
$f=$rows['ss'];
$g=$rows['se'];
$h=$rows['e1'];
$i=$rows['u1'];
$j=$rows['m1'];
$k=$rows['s1'];
$l=$rows['ss1'];
$m=$rows['i1'];
$n=$rows['e2'];
$o=$rows['u2'];
$p=$rows['e3'];
$pp=$rows['u3'];
echo "<html>
<head>
<link href='bootstrap/css/bootstrap.css' rel='stylesheet' >
<link href='bootstrap/css/bootstrap.min.css'  rel='stylesheet'>
<link href='bootstrap/css/bootstrap.theme.css' rel='stylesheet' >
<link href='bootstrap/css/bootstrap-theme.min.css' rel='stylesheet' >
</head>
<body>
 <table align='center' border='4' bgcolor='white' width='500' class='table table-bordered'>
 <tr>
  <td bgcolor='orange' colspan='3'><h2 align='center'>Leads Grammer School</h2></td>
  </tr>
   <tr>
  <td bgcolor='yellow' colspan='3'><h2 align='center'>Academic Performance Record Year 2014</h2></td>
  </tr>
  <tr>
<td align='right'>Student's Name:</td>
<td colspan='2'>$b</td>
</tr>
<tr>
<td align='right'>Father's Name:</td>
<td colspan='2'> $c</td>

</tr>
<tr>
<td align='right'>Registration NO:</td>
<td colspan='2'>$d</td>
</tr>
<tr>
<td align='right'>Student Class:</td>
<td colspan='2'>$e</td>
</tr>
<tr>
<td align='right'>Exams:</td>
<td colspan='2'>$f</td>
</tr>
 <tr bgcolor='gray'>
 <th>Subject Name</th>
 <th>Obtained Marks</th>
 <th>Grades</th>
 </tr>
 <tr>
 <tr ><td>English(Writing)</td>
 <td> $g</td>

 </tr>
 <tr>
 <tr ><td>Urdu(Writing)</td>
 <td>$h</td>

 </tr>
 <tr>
<tr ><td>Math(Writing)</td>
 <td> $i</td>

 </tr>
<tr><th align='center' colspan='3' bgcolor='orange'>General Knowledge</th></tr>
 <tr>
 <tr ><td>Science</td>

 <td> $j</td>

</tr>
<tr>
<tr ><td>S.Studies</td>
<td>$k</td>
</tr>

<tr>
<tr ><td>Islamiat</td>
<td>$l</td>
</tr>

<tr><th align='center' colspan='3' bgcolor='orange'>Poems</th></tr>
<tr>
<tr ><td>English </td>
<td> $m</td>
</tr>

<tr>
<tr ><td>Urdu</td>
<td>$n</td>
</tr>

<tr><th align='center' colspan='3' bgcolor='orange'>Book Reading</th></tr>
<tr>
<tr><td>English </td>
<td>$o</td>
</tr>

<tr>
<tr >
<td>Urdu</td>
<td>$p</td>
</tr>";
}
?>
Fred

2 Answers

0

I want to compare coming get variable with nursery

But then you are comparing with Nursery

if ($results=="Nursery")

Are you aware that that comparison is case-sensitive?

Also that code is poor. It should simply be

$results=isset($_GET['results']) ?  $_GET['results'] : NULL;

Do not use error suppression when you are learning something new.

And Oh, How can I prevent SQL injection in PHP?

Community
Hanky Panky
  • 1
    Since you're documenting all his mistakes, his SQL call is also invalid: "select * from result where u_id='$id' sc='Nursery' " he needs an AND in there. – Mark Nov 03 '14 at 15:19
  • @Mark Exactly, [`which was the first thing I said to the OP...`](http://stackoverflow.com/questions/26716992/how-to-compare-two-variables-in-php#comment42024006_26716992) – Funk Forty Niner Nov 03 '14 at 15:28
  • @Fred-ii- I saw, I just figured since he was shooting for a 'complete' answer he should try to stick that in there somehow. – Mark Nov 03 '14 at 15:29
  • @Mark I decided not to put in an answer, because questions like these tend to open up a proverbial "can of worms". OP just stated above *" in both it did not working"*, so am wondering why OP said that yet accepted the answer. Saw the error of his/her ways? lol I don't think so. OP is putting comments under the other answer as we speak. – Funk Forty Niner Nov 03 '14 at 15:31
  • @Fred-ii- That's fair enough. I don't think the OP here quite gets the idea - but I always shoot for making the best answer the most complete answer, so that subsequent readers understand that they need to take the time to debug their code and remove the 'cheap' stuff (like a bad SQL statement) before they ask a question. – Mark Nov 03 '14 at 15:34
  • 1
    No Problem.. i am just beginner and you people are just making laugh together..no matters – Umair Khan Nov 03 '14 at 15:36
  • @Mark You and I think the same way. The more complete an answer, the better. I tend to slip in an occasional "as an insight" for potential future issues. Now OP is asking how to do it via a "switch". You see..., I was right about the "can of worms". I'm so glad I didn't put in an answer, I'd of been haggled to death lol – Funk Forty Niner Nov 03 '14 at 15:37
  • @UmairKhan Actually, your question could have been avoided entirely, had you read and understood how SQL and PHP work including how to debug code. Voted to close. – Funk Forty Niner Nov 03 '14 at 15:39
0

You should try to use the filter functions if you don't use a framework. You are putting the value from id straight into a query unescaped. That is a SQL injection waiting to happen.

$results = filter_input(INPUT_GET, "results", FILTER_UNSAFE_RAW);
$id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);

if (
    0 === strcasecmp($results, "Nursery")
    && is_int($id)
) {
    $qqqs = mysql_query("select * from result where u_id='$id' AND sc='Nursery' ");

    //...
}

If you use integers in a query you have to KNOW they are integers. If you use strings you have to properly escape them. Or use prepared statements.

OIS
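
The checks the answers above ask for (case-insensitive comparison, a validated integer id, the missing AND) combined with the prepared statement the last answer mentions, as an added example that is not part of the original posts. It uses PDO with an in-memory SQLite table in place of the question's `mysql_*` calls; the function names, the reduced column set and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: a cut-down "result" table with two rows.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE result (u_id INTEGER, name TEXT, sc TEXT)");
    $db->exec("INSERT INTO result VALUES (1, 'Ali', 'Nursery'), (2, 'Sara', 'Prep')");
    return $db;
}

/**
 * Returns the matching row, or null when the input is rejected or nothing matches.
 * $rawResults and $rawId stand in for $_GET['results'] and $_GET['id'].
 */
function fetch_nursery_result(PDO $db, ?string $rawResults, ?string $rawId): ?array
{
    // Case-insensitive comparison, so "nursery" and "Nursery" both pass.
    if ($rawResults === null || strcasecmp($rawResults, 'Nursery') !== 0) {
        return null;
    }
    // FILTER_VALIDATE_INT yields an int, or false for anything else (null included).
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    // Placeholders keep the values out of the SQL text; note the AND.
    $stmt = $db->prepare('SELECT * FROM result WHERE u_id = :id AND sc = :sc');
    $stmt->execute([':id' => $id, ':sc' => 'Nursery']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = open_demo_db();
$cases = [
    ['nursery', '1'],          // valid, different letter case
    ['Nursery', '1 OR 1=1'],   // not an integer: rejected before any query runs
    ['Nursery', '2'],          // valid id, but that row is not a Nursery row
    [null, '1'],               // "results" parameter missing
];
foreach ($cases as [$results, $id]) {
    $row = fetch_nursery_result($db, $results, $id);
    printf("%-10s %-12s => %s\n", var_export($results, true), var_export($id, true),
        $row === null ? 'no row' : $row['name']);
}
```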