Hyperlink database output and open new page


Kleidi

Hello everyone!

 

I'm looking for how to link an output field of a database so that, when a user clicks on it, a new page opens with all the database container. What I have just now is the output code only:

 

<?php
include 'D:/Program Files/VertrigoServ/www/live/admini/includet/variabla.php';
include (BPATH . '/includet/dbconfig.php');
include (BPATH . '/includet/dblidhja.php');
$query="SELECT * FROM `ndeshje` ORDER BY `ndeshje`.`ora`";
$result=mysql_query($query);
$num=mysql_numrows($result);

mysql_close();
?>
<br /><br /><center><div class="ndeshjeshfaq">
<table width="598" border="0" align="center" class="ndeshjekoka">
  <tr>
          <td width="50" class="ndshfaqora">Ora</td>
           <td width="90" class="ndshfaqdata">Data</td>
        <td width="315" class="ndshfaqndeshja">Emri</td>
  </tr>
</table></center>


<?php
$i=0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$ndeshja=mysql_result($result,$i,"ndeshja");
$ora=mysql_result($result,$i,"ora");
$data=mysql_result($result,$i,"data");
?>
<center>
<table width="598" border="0">
  <tr>
      <td width="50" class="ndshfaqora"><?php echo $ora;  ?></td>
    <td width="90" class="ndshfaqdata"><?php echo $data;  ?></td>
    <td width="315" class="ndshfaqndeshja"><a href="index.php?id=<?php echo $id;  ?>"><?php echo $ndeshja;  ?></a></td>
  </tr>
</table></center>
    
</div>
<?php
$i++;
}
?> 

 

The output looks like:

18:25             01.03.2010                       Transformers 2 - Premiere 

 

 

where Transformers 2 - Premiere is linked to /index.php?id=$id

 

...

Up to there it is OK, but now I don't know how to continue. I need that, when I click on that link, a new page loads with all the database output of that id (in our example case, when I click on "Transformers 2 - Premiere", I need a page that loads the date, the time of the movie, the date of the movie and the trial of that movie).

 

....

 

I hope that I have explained well what I need and that I was understandable.

 

Waiting for your help!

 

Thank you in advance!

I am assuming the code you have already written is in index.php, so if this is the case, here's what you need to do:

 

Create an if() conditional that checks if the value $_GET['id'] exists and that it is set. When this is FALSE your code will do what it does now. When it is TRUE, it will execute a different block of code that does what you have asked in your original post:

<?php
if (!isset($_GET['id'])) // if $_GET['id'] is NOT set
{
   include 'D:/Program Files/VertrigoServ/www/live/admini/includet/variabla.php';
   include (BPATH . '/includet/dbconfig.php');
   include (BPATH . '/includet/dblidhja.php');
   $query="SELECT * FROM `ndeshje` ORDER BY `ndeshje`.`ora`";
   $result=mysql_query($query);
   $num=mysql_numrows($result);
   
   mysql_close();
?>
<br /><br /><center><div class="ndeshjeshfaq">
<table width="598" border="0" align="center" class="ndeshjekoka">
  <tr>
          <td width="50" class="ndshfaqora">Ora</td>
           <td width="90" class="ndshfaqdata">Data</td>
        <td width="315" class="ndshfaqndeshja">Emri</td>
  </tr>
</table></center>


<?php
   $i=0;
   while ($i < $num) {
   $id=mysql_result($result,$i,"id");
   $ndeshja=mysql_result($result,$i,"ndeshja");
   $ora=mysql_result($result,$i,"ora");
   $data=mysql_result($result,$i,"data");
?>
<center>
<table width="598" border="0">
  <tr>
      <td width="50" class="ndshfaqora"><?php echo $ora;  ?></td>
    <td width="90" class="ndshfaqdata"><?php echo $data;  ?></td>
    <td width="315" class="ndshfaqndeshja"><a href="index.php?id=<?php echo $id;  ?>"><?php echo $ndeshja;  ?></a></td>
  </tr>
</table></center>
    
</div>
<?php
   $i++;
   }
} // end if()
else // $_GET['id'] IS set
{
   if (!empty($_GET['id'])) // if $_GET['id'] is NOT empty
   {
      // validate data first, check for injection etc.
      // code to get movie information from database and output it
   } // end if()
} // end else
?> 

 

Any code that is common to both tasks may be able to be placed at the start of the file, before the if () { } else { } code blocks to cut down on repetitive code.

:thumb-up: Thank you very very very much ... You saved me :D

I had some problems getting it to work but I resolved them by myself. I had forgotten to change "order by" on the db query :P. Anyway, now it works great thanks to you.

What I don't know how to do now is how to "validate data first, check for injection etc." Can you, PLEASE, explain or make an example for me?

 

The code now looks like:

 

<?php
if (!isset($_GET['id'])) // if $_GET['id'] is NOT set
{
   include 'D:/Program Files/VertrigoServ/www/live/admini/includet/variabla.php';
   include (BPATH . '/includet/dbconfig.php');
   include (BPATH . '/includet/dblidhja.php');
   $query="SELECT * FROM `ndeshje` ORDER BY `ndeshje`.`ora`";
   $result=mysql_query($query);
   $num=mysql_numrows($result);
   
   mysql_close();
?>
<br /><br /><center><div class="ndeshjeshfaq">
<table width="598" border="0" align="center" class="ndeshjekoka">
  <tr>
          <td width="50" class="ndshfaqora">Ora</td>
           <td width="90" class="ndshfaqdata">Data</td>
        <td width="315" class="ndshfaqndeshja">Emri</td>
  </tr>
</table></center>


<?php
   $i=0;
   while ($i < $num) {
   $id=mysql_result($result,$i,"id");
   $ndeshja=mysql_result($result,$i,"ndeshja");
   $ora=mysql_result($result,$i,"ora");
   $data=mysql_result($result,$i,"data");
  ?>
<center>
<table width="598" border="0">
  <tr>
      <td width="50" class="ndshfaqora"><?php echo $ora;  ?></td>
    <td width="90" class="ndshfaqdata"><?php echo $data;  ?></td>
    <td width="315" class="ndshfaqndeshja"><a href="index.php?id=<?php echo $id;  ?>"><?php echo $ndeshja;  ?></a></td>
  </tr>
</table></center>
    
</div>
<?php
   $i++;
   }
} // end if()
else // $_GET['id'] IS set
{
   if (!empty($_GET['id'])) // if $_GET['id'] is NOT empty
   {
      // validate data first, check for injection etc.
  
      // added by Kleidi: getting infos from db
      include 'D:/Program Files/VertrigoServ/www/live/admini/includet/variabla.php';
      include (BPATH . '/includet/dbconfig.php');
      include (BPATH . '/includet/dblidhja.php');
      $query="SELECT * FROM `ndeshje` WHERE id = '$_GET[id]'";
      $result=mysql_query($query);
      $num=mysql_numrows($result);

      // $i is never set in this branch; a single row is expected, so read row 0
      $id=mysql_result($result,0,"id");
      $ndeshja=mysql_result($result,0,"ndeshja");
      $ora=mysql_result($result,0,"ora");
      $data=mysql_result($result,0,"data");
      $kodi=mysql_result($result,0,"kodi");
      // added by Kleidi: end of getting infos from db
?>
<center> 
<!-- added by Kleidi: show up the db container-->
<?php echo $data;  ?> - <?php echo $ora;  ?> <br />
   <b> <?php echo $ndeshja;  ?></b><br />
   <p> <?php echo $kodi;  ?> </p><br />
<!-- added by Kleidi: end of the show up the db container-->
   
<?php     // code to get movie information from database and output it
   } // end if()
} // end else
?> 

 

Thank you again! :-*  :P

Since you are using GET as the method of passing values to the script, you need to validate the format etc. of the data passed to the script. You may say, "but my first page is setting the values to send to the script" and this is true. But it doesn't mean someone can't change those passed values. E.g.:

Your script might output <a href="index.php?variable=Value">Value</a> and a user can click Value to send Value to index.php. This is what you want, but someone can just as easily type: http://www.yourwebsite.com/index.php?variable=someValueYouDontWantToAllow

This may not seem like much of a problem at first, but this is where "injection" comes into it. Anywhere that a user can input data to pass to one of your scripts can be a security hole. Just google for mysql injection and you will find examples of what can be done to your databases etc.

To prevent this, you need to validate the data passed to your script. Depending on the nature of your data, you can test for things like if it is numeric, a string, an array, a float etc. Check out: http://www.php.net/manual/en/ref.var.php

 

Why do this? Because if the data is _not_ something you are expecting, you can make your script either strip the bad stuff out of the value or simply fail and stop executing.

 

mysql_real_escape_string() is a function that you should use on data that is going to be used in building a database query. See: http://au.php.net/manual/en/function.mysql-real-escape-string.php

Take note of example 2 on that page to understand the risks posed by MySQL injection attacks.
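
The validation step described in the answer above, as an added example that is not part of the original posts. It swaps the thread's mysql_* functions (that extension was removed in PHP 7.0) for PDO with a bound parameter instead of mysql_real_escape_string(); the in-memory SQLite table standing in for the MySQL `ndeshje` table, its rows, and the helper names `open_demo_db()`, `parse_id()` and `find_ndeshje()` are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the poster's MySQL connection; all rows are constructed.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE ndeshje (id INTEGER PRIMARY KEY, ndeshja TEXT, ora TEXT, data TEXT, kodi TEXT)');
    $pdo->exec("INSERT INTO ndeshje VALUES (1, 'Transformers 2 - Premiere', '18:25', '01.03.2010', 'trailer 1')");
    $pdo->exec("INSERT INTO ndeshje VALUES (2, 'Constructed second row', '20:00', '02.03.2010', 'trailer 2')");
    return $pdo;
}

// Step 1: validate. Only a positive integer is accepted; anything else is rejected.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {            // index.php?id[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2: query with a bound parameter, so the value never becomes part of the SQL text.
function find_ndeshje(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, ndeshja, ora, data, kodi FROM ndeshje WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
// Constructed inputs standing in for $_GET['id'], including tampered values.
$samples = ['1', '2', '99', '', 'abc', "1' OR '1'='1", '1; DROP TABLE ndeshje', ['1']];
foreach ($samples as $raw) {
    $id = parse_id($raw);
    if ($id === null) {                // fail and stop, as the answer suggests
        echo 'rejected: ', json_encode($raw), "\n";
        continue;
    }
    $row = find_ndeshje($pdo, $id);
    echo $row === null
        ? "id $id: no such row\n"
        : "id $id: {$row['ndeshja']} ({$row['data']} {$row['ora']})\n";
}
```

In index.php the same two steps would run on `$_GET['id']` in place of the sample list, before any output for the detail page is produced.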

Many thanks to you bro ... I will take a look out there and see how to improve my script, since I'm new to the business :D

Thanks again for your help ;) ! God Bless You ;)

Archived

This topic is now archived and is closed to further replies.
