
neewbie question


googlit


If you've read any of my previous posts you will know that I am new to PHP & MySQL and just getting to grips with it....

 

My question today is relatively straightforward.

 

I have a page which is product_detail.php; this page displays all the database info as I wish and is working perfectly with the following query:

$sql = 'SELECT * FROM products WHERE id=1';

My question is: is there a way that I can get it to work dynamically, e.g. if the URL is www.domain.com/product_detail.php?id=2 it will display the no-2 record in the table?

 

I have searched high and low for a 'How to' on this so I am able to learn, but I'm not 100% on what I should be looking for....

I know this can be done......

 

If anybody can point me in the right direction????

 

Cheers


Yeah, pretty easily.

 

Pass the ID through the URL as you suggested, then retrieve it with $_GET['id']. You could use that within your query, e.g.:

 

$sql = 'SELECT * FROM products WHERE id=' . $_GET['id'];

 

However this leaves you open to SQL injections; you need to filter or validate the input.

 

There are many ways, and being as it's numeric, perhaps the simplest method would be to use intval.

 

For example:

 

$sql = 'SELECT * FROM products WHERE id=' . intval($_GET['id']);

 

This will convert the input to an integer (so you won't get a syntax error for not using quotes around the value if a string is passed) and prevent them from entering any SQL injection.

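Added example, not part of the original thread or either poster's code: the lookup discussed above written with strict validation and a bound parameter, with intval() printed beside it for comparison. The in-memory SQLite database (standing in for the MySQL products table), the find_product helper and the sample id values are assumptions constructed for illustration.

```php
<?php
// Added example: strict validation + a bound parameter, compared with intval().
// Assumption: an in-memory SQLite table stands in for the MySQL `products` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO products (id, name) VALUES (1, 'Widget'), (2, 'Gadget')");

/**
 * Hypothetical helper: returns the product row, or null if the id is
 * malformed or no such product exists.
 */
function find_product(PDO $pdo, $rawId): ?array
{
    // FILTER_VALIDATE_INT rejects anything that is not a whole number,
    // instead of silently truncating it the way intval() does.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample values for ?id=
$samples = ['2', '2 OR 1=1', 'abc', '-5', '99'];
foreach ($samples as $raw) {
    $row = find_product($pdo, $raw);
    printf(
        "id=%-10s intval=%-3d strict=%s\n",
        var_export($raw, true),
        intval($raw),
        $row === null ? 'rejected / not found' : $row['name']
    );
}
```

In product_detail.php the call would be find_product($pdo, $_GET['id'] ?? null), with $pdo connected to the MySQL database instead of SQLite.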

Archived

This topic is now archived and is closed to further replies.
