| Velocd |
04-22-2004 10:40 PM |
Do you mean the result is blank, or that it's not ordering the way you want it to?
Also never EVER place queries within a mysql_fetch_array loop, unless you want to call massive amounts of un-needed queries on your page. A simple LEFT JOIN in your first query can solve this.
Oh, if you had released this as a hack, people would get pissed to find out you left it easily open to MySQL injection. Never insert a direct $_REQUEST/$_GET/$_POST into a query, one could exit the query and call another statement to do malicious things, like drop your database. The vBulletin globalize() function is the first step to securing variables, and the second is to use addslashes() on ANY STRING VARIABLE inside a query.
Also, it's unnecessary to put single quotes around integer values in a SQL string. Reserve them for strings.
Bad:
PHP Code:
while($entry= $DB_site->fetch_array($fentries))
{
$count= $DB_site->query_first("SELECT COUNT(*) AS comments FROM ".TABLE_PREFIX."journal_comments WHERE journal_id='".$_REQUEST['j']."' AND entry_id='".$entry['entry_id']."'");
Good
PHP Code:
// this will explicitly cast 'j' as an int, and you can now use it as $j
globalize($_REQUEST, array(
'j' => INT
));
$fentries = $DB_site->query("
SELECT journal_entries.entry_id, journal_entries.entrytitle,
journal_entries.entrytext, journal_entries.entrydate,
journal_entries.entry_totalvotes, journal_entries.entry_totalrating,
journal_entries.private, journal_entries.whocanview,
COUNT(journal_comments.*) AS comments
FROM ".TABLE_PREFIX."journal_entries
LEFT JOIN journal_comments
USING (journal_id)
WHERE journal_id=$j
AND entry_active=1
ORDER BY entrydate ASC
");
while ($fentry = $DB_site->fetch_array($fentries)
{
echo "Number of comments in this journal: $fentry[comments]";
}
This assumes your `journal_comments` has a `journal_id` field. |
More Information