468,315 Members | 1,445 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,315 developers. It's quick & easy.

Passing variables (I think) ??

I have below a quite simple php page which queries a database table of all
records and outputs the result. However on this page I only output 3 of the
fields and I would like to click on a particular row which would then bring
up a detail page (which displays all the fields (perhaps 10 or more) of that
record).

Do I create another php file called detail.php which includes the line:
$sql = 'SELECT * FROM `link` WHERE link_id = $id;

and then alter the echo line below to something like:
echo "<TR><TD><a
href=detail.php?link_id=$id</TD><TD>$title</TD><TD>$description</TD></TR>";

which would then pass the variable $id into the sql statement in detail.php.
??

Any advice on the next steps would be welcome.

Cheers

Phil
<html>
<body>
<?php

// listrecords.php
// lists brief details of records (1 record per row)

$localhost = 'localhost';
$username = 'username';
$password = 'password';
$database = 'database';

$dbconnection = mysql_connect($localhost, $username, $password);
if (! $dbconnection)
{
die ("Couldn't connect to MySQL");
exit;
}

$db=mysql_select_db($database, $dbconnection);
if (!$db)
{
echo "Could not select database";
exit;
}

$sql = 'SELECT `link_id`,`title`,`description` FROM `links` LIMIT 0, 30';

$mysql_result=mysql_query($sql,$dbconnection);
$num_rows=mysql_num_rows($mysql_result);

if ($num_rows == 0) {
echo "Sorry, we have no records";
}
else
{

echo "<TABLE ALIGN=\"CENTER\" BORDER=\"1\">";
echo "<TR><TH>Record ID</TH><TH>Title</TH><TH>Description</TH></TR>";

while ($row=mysql_fetch_array($mysql_result))
{
$id=$row["link_id"];
$title=$row["title"];
$description=$row["description"];

echo "<TR><TD>$id</TD><TD>$title</TD><TD>$description</TD></TR>";

}
}
?>
</TABLE>
</body>
</html>
Jul 17 '05 #1
4 1243

Phil Latio wrote:
I have below a quite simple php page which queries a database table of all records and outputs the result. However on this page I only output 3 of the fields and I would like to click on a particular row which would then bring up a detail page (which displays all the fields (perhaps 10 or more) of that record).

Do I create another php file called detail.php which includes the line:

yes, that is a way
$sql = 'SELECT * FROM `link` WHERE link_id = $id;
this is not so good, because:

1. if register_globals is off (which it should be), $link_id gets not
automatically registered. use $_GET['link_id']

2. $_GET['link_id'] is user submitted data, so never ever trust it.
validate. i suppose your id's are integers, so using
(int)$GET_['link_id'] forces anything that is sent into an integer,
which in the worst case is just 0.
and then alter the echo line below to something like:
echo "<TR><TD><a

href=detail.php?link_id=$id</TD><TD>$title</TD><TD>$description</TD></TR>";

yes, like that.

micha

Jul 17 '05 #2
> > $sql = 'SELECT * FROM `link` WHERE link_id = $id;

this is not so good, because:

1. if register_globals is off (which it should be), $link_id gets not
automatically registered. use $_GET['link_id']

2. $_GET['link_id'] is user submitted data, so never ever trust it.
validate. i suppose your id's are integers, so using
(int)$GET_['link_id'] forces anything that is sent into an integer,
which in the worst case is just 0.


Many thanks for replying.

Are you suggesting something along these lines?

$specific_link = (int)$_GET['link_id'];
$sql = 'SELECT * FROM `link` WHERE link_id = $specific_link;

Cheers

Phil
Jul 17 '05 #3

Phil Latio wrote:
$sql = 'SELECT * FROM `link` WHERE link_id = $id;


this is not so good, because:

1. if register_globals is off (which it should be), $link_id gets not automatically registered. use $_GET['link_id']

2. $_GET['link_id'] is user submitted data, so never ever trust it.
validate. i suppose your id's are integers, so using
(int)$GET_['link_id'] forces anything that is sent into an integer,
which in the worst case is just 0.


Many thanks for replying.

Are you suggesting something along these lines?

$specific_link = (int)$_GET['link_id'];
$sql = 'SELECT * FROM `link` WHERE link_id = $specific_link;

Cheers

Phil

yes.

general.php contains

<a href=detail.php?link_id=YOUR_INT_VALUE>link</a>

and detail.php copntains the above code.

micha

Jul 17 '05 #4
> yes.

general.php contains

<a href=detail.php?link_id=YOUR_INT_VALUE>link</a>

and detail.php copntains the above code.

micha


Thanks again.

Cheers

Phil
Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Matthew Robinson | last post: by
1 post views Thread by Consuelo Guenther | last post: by
7 posts views Thread by Khai | last post: by
5 posts views Thread by Shawn Northrop | last post: by
6 posts views Thread by coool | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.