Hello everyone @ PHPfreaks.com

 

I recently began coding PHP and learned quite a lot on my own and by doing some Google searches (yes, Google is our friend!). But unfortunately, I have come across a problem which I wasn't able to find a solution to by myself (maybe I just don't know what to search for, probably). So I saw my only way out was to finally join a PHP community, and now I hope you can help me with my problem.

 

I made a small CMS system for a client; it's nothing much, but it does its job. But unfortunately I have some issues with SQL and the $GET_ function; this is the code that is causing my headaches:

 

$result = mysql_query("SELECT * FROM nybygninger WHERE id='"$_GET['itemid']"'");

while($row = mysql_fetch_array($result))
  {
  echo "" . $row['name'] . "";

 

I made a page called Single.php which always has this after its URL: ?item=idnumber, referring to the post I need.

 

But when I try to do this with the above-mentioned code string, the webpage just goes blank for me! So I was hoping that you guys could help me see where I go wrong? ^^

 

Thanks in advance!

 

- Kenneth

 

(P.S. Sorry if I posted in the wrong forum)


mysql_query("SELECT * FROM nybygninger WHERE id='".$_GET['itemid']."'");

 

Be sure to add "." (the period) before and after the variable. It tells PHP that you want to add this variable to the string.

 

Also be sure to use mysql_real_escape_string on your variables when collecting them from _GET; if you don't, it will open you up to some nasty SQL injection attacks.

 

so:

$itemid = mysql_real_escape_string($_GET['itemid']);
mysql_query("SELECT * FROM nybygninger WHERE id='".$itemid."'");

 

Hope that helps :)

If the end of the url is always "?item=idnumber" then to get the value of "item" in your php script you would put this:

 

$item = $_GET['item'];

 

instead of:

 

$item = $_GET['itemid'];

 

And also, like the person above said, you should always secure the data you receive, especially when putting it into database queries.

Thanks, both of you :)

 

I realized that I made a typo david91, but was aware of that :D But thanks again

 

It works flawlessly now :)

 

I might make a new post later about how to secure a login box from SQL injection attacks, but that will be another time, since I just need this working at the moment :)

 

But again thanks :D This is now solved

Both of the errors (a fatal parse error due to the missing dots and an undefined GET array index name due to the mismatch between the name being used on the end of the URL and what the code was using) would have been exposed if you were developing and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini.
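
The fixes from the replies above combined in one script, as an added example that is not code from the thread: it reads the `item` parameter the URL actually carries, validates it as an integer, and binds it in a PDO prepared statement instead of concatenating it into the SQL, with the error settings from the last reply turned on. The in-memory SQLite table, the sample rows and the helper name `findItemName` are assumptions made so the script runs offline; the mysql_* functions used in the thread were removed in PHP 7.0.

```php
<?php
// Added example, not code from the thread. Development settings from the
// last reply: surface parse errors and undefined-index notices.
error_reporting(E_ALL);
ini_set('display_errors', '1');

// Assumption: an in-memory SQLite table stands in for the thread's MySQL
// table so the script runs offline; the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE nybygninger (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO nybygninger (id, name) VALUES (1, 'House A'), (2, 'House <B>')");

/**
 * Hypothetical helper: look up one row by the "item" query parameter.
 * Returns the name, or null when the parameter is missing, is not a
 * positive integer, or matches no row.
 */
function findItemName(PDO $pdo, array $query): ?string
{
    // The URL carries ?item=..., so read 'item' (not 'itemid').
    // ?item[]=1 arrives as an array, so require a plain string too.
    if (!isset($query['item']) || !is_string($query['item'])) {
        return null;
    }
    // Allow-list validation: the id must be a positive integer.
    $id = filter_var($query['item'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT name FROM nybygninger WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed inputs standing in for $_GET: a valid id, an injection
// string, the mismatched key from the thread, and an empty query string.
$samples = [['item' => '2'], ['item' => "1' OR '1'='1"], ['itemid' => '1'], []];
foreach ($samples as $query) {
    $name = findItemName($pdo, $query);
    // Escape on output so stored markup is not rendered as HTML.
    echo json_encode($query), ' => ',
        $name === null ? 'not found' : htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```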
