neewbie question

[googlit]

If youve read of any of my previous posts you will know that i am new to PHP & MySQL and just getting to grips with it....

 

my question today is relatively straight forward

 

i have a page which is product_detail.php, this page displays all the database info as i wish and is working perfctly with the following query:

$sql ='SELECT * FROM products WHERE id=1'

my question is is there a way that i can get it to work dynamically eg if the URL is www.domain.com/product_detail.php?id=2 it will display the no-2 record in the table?

 

i have search high and low for a 'How to' on this so i am able to learn but i'm not 100% on what i should be looking for....

i know this can be done......

 

if anybody can point me in the right direction????

 

cheers

[Adam]

Yeah, pretty easily.

 

Pass the ID through the URL as you suggested, then retrieve it with $_GET['id']. You could use that within your query, e.g:

 

$sql = 'SELECT * FROM products WHERE id=' . $_GET['id'];

 

However this leaves you open to SQL injections; you need to filter or validate the input.

 

There's many way, and being as it's numeric perhaps the simplest method would be to use intval.

 

For example:

 

$sql = 'SELECT * FROM products WHERE id=' . intval($_GET['id']);

 

This will convert the input to an integer (so you won't get a syntax error for not using quotes around the value if a string is passed) and prevent them from entering any SQL injection.

[googlit]

Fantastic!!

 

thanks for your help... i was up till stupid o'clock this morning looking at this and it was really annoying me......