I am trying to get the results for a specific race at a specific meet.
raceresult.php?meet=<i>August Meet</i>&race=<i>Allowance Fillies 2yo</i>
The meet and race are showing up from the first query and some of the results show. For example:
THIS ONE WORKS
raceresult.php?meet=meet=2013 OJCR Australian Derby&race=Allowance - 9f on turf 3yo
DOES NOT WORK
raceresult.php?meet=2009 Gulfstream Park Grand Opening Meet&race=Flying Stakes - Grade I, 3 yr old+, 8F on dirt
Are there any characters causing an error in the second example? I can go through and fix that issue pretty easily but I'm not really sure what is keeping that URL from working while the other one works great.
My code is as follows.
<?php
$sql = "SELECT * FROM racing WHERE `meet` = '$meet' LIMIT 1";
$query = mysql_query($sql) or die( mysql_error() . "<br />" . $sql );
while($row = mysql_fetch_array($query)){
$date= $row['date'];
echo "<h2><strong>$meet</strong> ($date)</h2>";
echo "<b>$race</b><br>";
}
?>
<?php
$sql = "SELECT * FROM racing WHERE `meet`='$meet' and `race`='$race' ORDER BY place";
$query = mysql_query($sql) or die( mysql_error() . "<br />" . $sql );
while($row = mysql_fetch_array($query)){
$place= $row['place'];
$horse= $row['horse'];
$farm= $row['farm'];
echo"$place. $horse owned by $farm";
}
?>
As a starting point, when creating the GET variables for the URL, they should be passed through urlencode to convert the spaces into something that can be used.
Once in the script on this page, use urldecode to replace the encoded characters with their normal ones. (This bit might not be required - try it)
Then pass them through mysql_escape_string to make them play nice and lower the chance of SQL injection.
Try echoing the created $sql string to the screen or a log so that you can see exactly what is being attempted. This will help with making sure the GET variables are coming through correctly. Also, you can try running this SQL directly in a MySQL session to check that your SQL is correct.
Finally, stop using mysql_ functions - they're deprecated. mysqli_ or PDO is the way to o
Your second URL is probaby incorrect, because + in a URL is decoded to a space character. You need to encode that + as %2B instead, so it'll be treated as a literal +, not a space character.
Since it's being mangled to space character, your query string will NEVER match, because you'll be comparing:
database: ... Grade I, 3 yr old+, 8F ...
query : ... Grade I, 3 yr old , 8F ...
^---note the space