"Dimitri Marshall" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > "Sophie Mattoug" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Paul Duggan wrote: > > > > >if I create a text box: > > > > > ><body> > > > > > ><form action="nextpage.html" method="GET" name="myform"> > > > > > > <input type="Text" name="surname" align="TOP" size="25"><br> > > > > > > <input type="Submit" value="Submit" align="MIDDLE"> > > > > > ></form> > > > > > > > > >how do I go about extracting a surname from a mysql database? > > > > > > > > > > > >will it be something along the lines? > > > > > >select firstname,surname > > >from employees > > >where surname = textbox.surname; > > > > > > > > > > "SELECT firstname, surname FROM employees WHERE surname = > > '{$_GET['surname']}'" > > You might also want to do it this way... > > "SELECT firstname, surname FROM employees WHERE surname = > \"{$_GET['surname']}\"" > > Just in case their name is something like O'Neil, it won't interfere with > your script. >
An even better way is this //process the surname, add slashes $surname = addslashes($_GET['surname']); //make the query $sqlquery = "SELECT firstname, surname FROM employees WHERE surname = '$surname'"; This makes sure that if there is signs like " or ', they will be escaped ;-) > Good luck, > Dimitri Marshall > > > > > > > > >new to this so im trying to get my head around it, basically i just want > to > > >search a mysql database by someones surname. > > > > > >cheers! > > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php