As you can see, there's probably no reason why it shouldn't be working. I don't know what else I can do, any ideas? Any help is appreciated!
All I am trying to do, is view check if the value entered at the end of the url, matches one that is in the database (and yes, it IS in the database. :) Thank you
<?php
$keyword = substr($_SERVER['REQUEST_URI'],11);
if($_REQUEST['action'] == "link")
{
$keyword = $_POST['keyword'];
$link = $_POST['link'];
$connection =
mysql_connect("my01..com","h","h") or die(mysql_error());
if($connection)
{
mysql_select_db("mysql_17902_h", $connection);
mysql_query(
"INSERT INTO mysql_17902_h.links (
link,
keyword) VALUES (
'".$link."',
'".$keyword."')") or die(mysql_error());
$state = true;
}
}
else
{
if(!empty($_POST))
{
print_r($keyword);
$connection =
mysql_connect("my01.h.com","h","h") or die(mysql_error());
if($connection)
{
mysql_select_db("mysql_17902_h") or die(mysql_error());
$result = mysql_query("SELECT link FROM links WHERE keyword = $keyword")
or die(mysql_error());
$row = mysql_fetch_array($result);
$outsy = $row['link'];
}
$state = true;
}
}
?>
Try rewriting your code so it's more legible:
$link = mysql_real_escape_string($_POST['link']);
$keyword = mysql_real_escape_string($_POST['keyword']);
$sql = <<<EOL;
INSERT INTO mysql_17902_h.links (link, keyword)
VALUES ('$link', '$keyword')
EOL;
mysql_query($sql) or die(mysql_error());
Note the use of mysql_real_escape_string() to prevent SQL injection attacks, and surrounding the variables with single quotes within the SQL string. You've neglected to do so here:
$result = mysql_query("SELECT link FROM links WHERE keyword = $keyword") or ...
^^^^^^^^
No quotes around a text-type field is a syntax error. As well, at that point in the code, $keyword contains whatever the substr() call at the top of the script returned, so make sure that substr call actually does what you're intending.