passing variables in url -- help

201 100+
hello -

trying to pass variable through url from the database query.

i query and store the id in $id and put that in:

    <a href="list.php?Id=$Id"><img src="<?php echo $row_list['photo']; ?>

i've used an echo statement to ensure that the variable is set and it is.

It's just not being passed as a variable to the next page. in the url it shows

    http://domain.com/list.php?Id=$Id

how do i get this to set in the url?

i've used a get method to clean and get the variable.

    if(isset($_GET['Id'])) {
        $Id = htmlspecialchars($_GET['Id']);
    }

    <a href="list0.php?Id=$Id&PicId=$pic_Id"><img src="<?php echo $row_list['Photo']; ?>" height="120" width="120" align="middle" />

i have the pic_Id set from another query on this page. the ending result should be:

grab the id from page one, user clicks on the link and that id is passed to page 2 and displays other images passed on that id that was passed, and stores the album id and picture id with the image in the hyper link.


i know that the query works just trying to get the variable to work.

thanks in advance for your help.

theo werntz
Nov 4 '09 #1
Dormilich
8,658 Expert Mod 8TB
code executed by PHP marked bold
    <a href="list.php?Id=$Id"><img src="<?php echo $row_list['photo']; ?>
everything else is simple HTML text
Nov 4 '09 #2
Markus
6,050 Expert 4TB
@Dormilich
Expanding on what Dorm said: You may have defined the variable $Id somewhere, but that's irrelevant because you're not invoking the PHP parser to output the variable: <?php echo $Id; ?>

Mark.
Nov 4 '09 #3
wizardry
201 100+
so should i create a hidden html row and echo it there? because i have echoed it within the initial table data and it is being echoed correctly, it's just not being inserted into the url string variable when i click the link.
Nov 4 '09 #4
wizardry
201 100+
here is my code from the first page
    <?php require_once('list.php'); ?>
    <?php
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
    {
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      }

      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;    
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }

    $maxRows_List = 10;
    $pageNum_List = 0;
    if (isset($_GET['pageNum_List'])) {
      $pageNum_List = $_GET['pageNum_List'];
    }
    $startRow_List = $pageNum_List * $maxRows_List;

    mysql_select_db($database_List, $List);
    $query_List = "SELECT a.Id as Id, a.Name as Album, a.Date as Date, d.Pic as Picture FROM List a, ManyList b, Title c, Data d WHERE b.aId=a.Id  and a.Id=c.aId  and c.Id=d.tId  and a.Def='Y' and d.Def='Y' 
    and b.UserId='1'";
    $query_limit_List = sprintf("%s LIMIT %d, %d", $query_List, $startRow_List, $maxRows_List);
    $List = mysql_query($query_limit_List, $List) or die(mysql_error());
    $row_List = mysql_fetch_assoc($List);

    if (isset($_GET['totalRows_List'])) {
      $totalRows_List = $_GET['totalRows_List'];
    } else {
      $all_List = mysql_query($query_List);
      $totalRows_List = mysql_num_rows($all_List);
    }
    $totalPages_List = ceil($totalRows_List/$maxRows_List)-1;

     $Id = $row_List['Id']; // set album id  


    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>
    <body>
    <div id="mainContent">
    <table border="1" cellpadding="1" cellspacing="1">
            <h1><caption align="center" style="font-size:xx-large">
             List
    </caption></h1>
            <?php do { ?>
              <tr>
              <td><?php echo $Id ; ?></td>
                <td><?php echo $row_List['Title']; ?><?php echo $row_List['Date']; ?></td></tr>
                <tr>
                  <td><a href="List.php?Id=$Id"><img src="<?php echo $row_List['Picture']; ?>" height="120" width="120" align="middle"/></a></td>
    </tr>
              <?php } while ($row_List = mysql_fetch_assoc($List));
                ?>
          </table>
    </div>

    </body>
    </html>
    <?php
    // variable names are case-sensitive: the result set is $List, not $list
    mysql_free_result($List);
    ?>

Nov 4 '09 #5
Markus
6,050 Expert 4TB
No.

You say you end up with a URL like http://site.com/?id=$Id - as me and Dormilich have said before, this is because you are not using PHP to output the $Id variable, that is, it's being interpreted as plain text/html.

It should look like: <a href="list.php?Id=<?php echo $Id; ?>">
Nov 4 '09 #6
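
Added example (not part of the thread): the fix from the reply above, with each value also encoded for the two contexts it passes through, the query string and the HTML attribute. The `$rows` data and the `album_link()` helper are constructed for illustration; the `Id`, `PicId` and `Picture` names follow the posts above.

```php
<?php
// Constructed rows standing in for the thread's query result.
$rows = [
    ['Id' => 7,  'PicId' => 31, 'Picture' => 'photos/beach.jpg'],
    ['Id' => 12, 'PicId' => 44, 'Picture' => 'photos/a&b.jpg'],
];

/**
 * Build one thumbnail link (hypothetical helper).
 * Values are encoded once per context: http_build_query() percent-encodes
 * them for the query string, then htmlspecialchars() escapes the finished
 * URL so it cannot break out of the href/src attribute.
 */
function album_link(array $row): string
{
    $query = http_build_query(
        ['Id' => $row['Id'], 'PicId' => $row['PicId']],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    $href = htmlspecialchars('list.php?' . $query, ENT_QUOTES, 'UTF-8');
    $src  = htmlspecialchars($row['Picture'], ENT_QUOTES, 'UTF-8');

    return '<a href="' . $href . '"><img src="' . $src
        . '" height="120" width="120" alt="" /></a>';
}

foreach ($rows as $row) {
    // Use the current row's Id, not a value captured before the loop.
    echo album_link($row), "\n";
}
```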
wizardry
201 100+
oh ok thanks for the explanation will try and get back. sorry for any frustration still new to php.

thanks again for your help!
Nov 4 '09 #7
wizardry
201 100+
ok so that works.

do you have a tutorial i can read on putting random strings in url to mix it up?

i.e. www.domain.com?Id=1&abcde&1234567

where it adds nonsense to the string; abcde and 1234567 have nothing to do with the site, just a security measure.

i was initially content on using sessions only but now i know that i need to use url and sessions and cookies.

thanks again for your help.

theo werntz ii
Nov 4 '09 #8
TheServant
1,168 Expert 1GB
I think a random character generator will do that for you.

However, you can't assign multiple values to a variable. You have Id=1, Id=abcde, Id=1234567. This is not logical as it has already been set in the first one. You might try instead:
    mydomain.com?id1=1&id2=abcdef&id3=1234567
So you will have 3 variables to deal with, id1, id2, and id3.

Can you explain your "security measure"? Why would a random get value improve security? Anything in $_GET should not be secret, important or crucial to your site. $_GET is the least secure and the most easily faked. $_SESSION is the hardest to fake, and $_POST is also done relatively easily.
Cookies are a little different, but can be faked as well, so don't keep important or sensitive things in a cookie.
Nov 4 '09 #9
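
Added example (not part of the thread) for the receiving page: because `$_GET` is easily faked, the id is validated as an integer and then checked against the albums owned by the user held in the session. `resolve_album()`, the `user_id` session key and the `$albumsByUser` data are assumptions standing in for a real ownership query.

```php
<?php
// Constructed data standing in for a lookup such as
// "SELECT aId FROM ManyList WHERE UserId = ?"; the ids are made up.
$albumsByUser = [1 => [7, 12], 2 => [9]];

/**
 * Decide whether a request may view an album (hypothetical helper).
 * Returns [HTTP status, album id or null].
 */
function resolve_album(array $get, array $session, array $albumsByUser): array
{
    // The logged-in user comes from the session, never from the URL.
    $userId = $session['user_id'] ?? null;
    if ($userId === null) {
        return [401, null];
    }

    // Validate type and range. htmlspecialchars() only escapes for HTML
    // output; it does not turn the value into a valid id.
    $id = filter_var($get['Id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];
    }

    // Authorization: the album must belong to this user.
    if (!in_array($id, $albumsByUser[$userId] ?? [], true)) {
        return [403, null];
    }
    return [200, $id];
}

$session  = ['user_id' => 1];   // constructed session for user 1
$requests = [
    ['Id' => '7'],              // own album
    ['Id' => '9'],              // well-formed id, another user's album
    ['Id' => '$Id'],            // the unsubstituted literal from the first post
    ['Id' => 'abcde'],          // filler text in place of an id
    [],                         // parameter missing
];

foreach ($requests as $get) {
    [$status, $album] = resolve_album($get, $session, $albumsByUser);
    printf("%-16s => %d %s\n", json_encode($get), $status, $album ?? '-');
}
```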
wizardry
201 100+
yes they can be faked. but with sessions controlling the application and the url encoded with bogus strings will try to limit the attempt of someone trying to access the account through the url or download, or put their own content in the string.

Yes sessions are the hardest to fake.
Nov 4 '09 #10
TheServant
1,168 Expert 1GB
So you are trying to pretend that your security is $_GET to lead people away from trying $_SESSION hacks?

I don't recommend you do this for two reasons:
1. If you are making the URL more complicated and not search engine friendly, then you should have a very good reason, and personally I don't think a fake security system is a good reason. This could drive customers away if it becomes problematic, which happens when URLs are complicated.
2. Real hackers are good. If someone is able to hack sessions, they are good. A common characteristic of good hackers is wanting to be challenged. Having a security measure like that will attract hack attempts rather than deter them, and eventually one will get through and send you a smart message about your $_GET trick.

That's my 2 cents.
Nov 4 '09 #11
wizardry
201 100+
no it's not a fake security system.

just seeing what i could pass and could not pass.

thanks for the help!
Nov 4 '09 #12
TheServant
1,168 Expert 1GB
No worries. Let us know how you go and if you have any more questions.
Nov 5 '09 #13
wizardry
201 100+
thanks again for your help, i was able to pass those variables successfully.
Jan 15 '10 #14
