Paws Posted April 4, 2009 Share Posted April 4, 2009 Ok I'm pretty new to php and I want to make a free online games site. To do this i'm using a mysql database to store all the games. Currently I have a table called "game". And in that I have 3 fields. id to tell what game it is. Name the name of the game and location, where the game is. I want to have them all in one page (playgame?id=1) but i'm having trouble with the $_get in the mysql query. Could someone possible write up a short bit of PHP that involves getting the id from the url, querying the database and then using the mysql_fetch_array() tag to finish it off for my please. Thanks. Sorry if this is badly worded. Link to comment https://forums.phpfreaks.com/topic/152576-help-using-_get-with-mysql-query/ Share on other sites More sharing options...
Ashoar Posted April 4, 2009 Share Posted April 4, 2009 Try this, just update where it says so. <?php //Add database connection info here $info = $_GET['//database row name of info here']; $query = mysql_query("SELECT * FROM game WHERE //database row name of info here='$info' "); if (mysql_num_rows($query) == 0) { echo "No information found."; } else { $row = mysql_fetch_array($query); ?> Then to show the info: <?php echo($row['//database row name of info here']); ?> Link to comment https://forums.phpfreaks.com/topic/152576-help-using-_get-with-mysql-query/#findComment-801338 Share on other sites More sharing options...
charleshill Posted April 4, 2009 Share Posted April 4, 2009 $_GET is a super global in PHP. Which means you don't have to declare it as a global or anything like that. If a URL you are using to access a PHP script looks like the following: http://yoursite.com/script.php?id=1 Then, provided script.php exists in your site's root directory, it will be accessed and you can use $_GET to retrieve the information from the query string of the URL (the ?... part). So in script.php $_GET['id'] would be equal to 1 in this example. Whenever using information from $_GET, $_POST, $_REQUEST, $_COOKIE you should always assume the data is malicious and shouldn't be trusted. That doesn't mean you can't use it. In this case, if you know that $_GET['id'] should always be an integer, you can use the following to "sanitize" the info you get from it: $id = (int) $_GET['id']; edit... The code given by Ashoar above is not secure. He has used information from $_GET directly in a mysql query without sanitizing it. That code is highly susceptible to SQL injection. Before using a string in a mysql query you should always use mysql_real_escape_string() on it. Link to comment https://forums.phpfreaks.com/topic/152576-help-using-_get-with-mysql-query/#findComment-801343 Share on other sites More sharing options...
Paws Posted April 4, 2009 Author Share Posted April 4, 2009 Worked. Thanks alot Link to comment https://forums.phpfreaks.com/topic/152576-help-using-_get-with-mysql-query/#findComment-801347 Share on other sites More sharing options...
Ashoar Posted April 4, 2009 Share Posted April 4, 2009 If you are referring to mine, no problem Link to comment https://forums.phpfreaks.com/topic/152576-help-using-_get-with-mysql-query/#findComment-801350 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.