Forum Moderators: open
I have everything i need figured out apart from one thing
Basically I have my Index.php page and that will display all the results in a list
Jason (ID = 1)
John (ID = 2)
Bob (ID = 3)
This is the link im using
<?php
echo '<a href="template.php?id='.$row['id'].'>'.$row
['name'].'</a>'; ?>
I even have the link set up so that when i click it, it takes me to template.php?id=1 etc
When a user clicks a link (jason for example) I want it to automatically bring up the information from the ID number 1
What im having trouble with is the code on my template page.
I cant seem to figure out how to get it to use the ID number from the address bar and get those results for that ID.
<?php
// Retrieve all the data from the "example" table
$result = mysql_query("SELECT * FROM example")
or die(mysql_error());
// store the record of the "example" table into $row
$row = mysql_fetch_array( $result );
// Print out the contents of the entry
echo "Name: ".$row['name'];
echo " Age: ".$row['age'];
?>
Any help with this would be much appreciated
Thanks in advance
----
Gorsain
Long story short: verify the input from get is actually a number, this will stop attempts to abuse this variable for mySQL injection.
First is not to use the same names for your variables as field names, Hence,
echo '<a href="template.php?rec='.$row['id'].'">'.$row['name'].'</a>';
(Note also you missed the closing quote on the href)
<?php
// presuming you have database connection stuff here
if ($_GET['rec'] > 0) {
// Retrieve just the data for what's in $_GET from the "example" table
$query = "select * from example where id=" . $_GET['rec'];
// No query quotes required, numeric field
$result = mysql_query($query) or die(mysql_error());
// store the record of the "example" table into $row
$row = mysql_fetch_array( $result );
// Print out the contents of the entry
echo "Name: ".$row['name'];
echo " Age: ".$row['age'];
}
else { echo "Invalid record id supplied"; }
?>
Made my day.
Gorsain
