patmon, posted June 9, 2014 (edited)

I'm using PHP and MySQL to display images on the first page. When the image is clicked on I'm passing an ID to a new page. I want that ID to display the ID data that's associated with that ID. For example:

ID 1 should display - Title - title1, Details - details1, image - image1
and
ID 2 should display - Title - title2, Details - details2, image - image2

But only displaying ID 1 data no matter if the URL is - website.com/thedetials.php?id=1 or website.com/thedetials.php?id=2

In other words, it displays the same data even though the id in the URL is different.

Page 1

    $sql="SELECT * FROM thetable";
    $result = mysqli_query($con,$sql);
    echo " <ul>";
    while($row = mysqli_fetch_array($result)) {
        echo "<li>";
        echo "<a href='page2.php?id=$row[id]'><img src=$row[image]></a>";
        echo "</li>";
    }
    echo "</ul>";
    ?>
    <?php
    // End while loop.
    mysqli_close($con);
    ?>

Page 2

    $id = $_GET['id'];
    $sql="SELECT id, title, details, image FROM thetable";
    $result = mysqli_query($con,$sql);
    $row = mysqli_fetch_array($result);
    ?>
    <?php echo $row['title'] ?>
    <?php echo $row['details'] ?>
    <img class='projectItem-pic' src="<?php echo $row['image']?>">

If I use below - No data displays, not sure why.

    $sql="SELECT * FROM thetable WHERE id = $id";

Can someone tell me what I'm doing wrong?

Edited June 9, 2014 by patmon

PoH, posted June 9, 2014

First of all, you're not sanitizing $_GET['id'] which is bad practice.

Because you haven't shown us all the code this is what I'm assuming: Page 2 works but when you change your query to "SELECT * FROM thetable WHERE id = $id" it fails? Could be because $id has not been passed as an integer?

    $id = (int)$_GET['id'];

If still no luck try replacing $id straight with an id that's in the database like:

    "SELECT * FROM thetable WHERE id = 1"

cyberRobot, posted June 9, 2014

Have you checked to see if MySQL is throwing errors?
http://www.php.net//manual/en/mysqli.error.php

patmon (Author), posted June 9, 2014

PoH, Yes page 2 is connecting to the db but when I change to SELECT * nothing displays. And when I change it back to the page 2 example above - SELECT id, title, details it displays id 1 data for both id 1 and id 2. And yes the data is different.

Can you give me an example of sanitizing? I see many examples but no uniform good way to do it.

I'll try your examples after work. Thanks

patmon (Author), posted June 9, 2014

CyberRobot, I am doing error checking in the connection code but I see a few things I can try from the url you provided. Thanks

cyberRobot, posted June 9, 2014

> Can you give me an example of sanitizing? I see many examples but no uniform good way to do it.

Since you're expecting the ID to be a number, you can make sure it is with ctype_digit():
http://www.php.net/ctype-digit

> CyberRobot, I am doing error checking in the connection code but I see a few things I can try from the url you provided. Thanks

I wish they would update the documentation to include examples which don't involve connecting to the database. The error-checking function can be used after running any query. When debugging queries, you could try the following:

    $result = mysqli_query($con,$sql) or die(mysqli_error($con));

patmon (Author), posted June 9, 2014

PoH, I used $id = (int)$_GET['id'] but didn't change anything... still getting id=1 and id=2 but id=2 is still displaying the same content as id=1.

I tried

    $sql="SELECT * FROM thetable WHERE id = 2"

and this worked. What I mean by that is id=2 showed id=2 content. But of course id=1 displayed id=2 content but that was to be expected.

So what does this tell us?

patmon (Author), posted June 9, 2014 (edited)

CyberRobot, I had

    $result = mysqli_query($con,$sql)

so removed that and added -

    $result = mysqli_query($con,$sql) or die(mysqli_error($con));

There were no errors.

Edited June 9, 2014 by patmon

patmon (Author), posted June 10, 2014

Well I tried

    $sql="SELECT * FROM thetable WHERE id = $theid"

and since I added

    $result = mysqli_query($con,$sql) or die(mysqli_error($con));

it showed me an error... It said "Unknown column 'id' in 'where clause'"

I thought "Mr Stupid" here id was saying the id is an indicator saying it's the id and = $id was the id column name.. if that makes sense. Sorry guys not a PHP guy here.

So that told me that the column was wrong so I changed it to the column name and it worked.

Thank you to the both of you. You guys helped a lot.

patmon (Author), posted June 10, 2014

Also as you know I was using - $theid= $_GET['id'];

I changed it using ctype_digit as CyberRobot said to do. Let me know if you guys see an issue with it. It works but not sure if it solves the sanitizing issue.

    if(ctype_digit($_GET['id'])){
        $theid = $_GET['id'];
    } else {
        $theid = 0;
    }

PoH, posted June 10, 2014 (edited)

> PoH, I used $id = (int)$_GET['id'] but didn't change anything... still getting id=1 and id=2 but id=2 is still displaying the same content as id=1.
> I tried $sql="SELECT * FROM thetable WHERE id = 2" and this worked. What I mean by that is id=2 showed id=2 content. But of course id=1 displayed id=2 content but that was to be expected.
> So what does this tell us?

So it works when you directly put the integer in but not when you're using the variable? Try:

    $sql="SELECT * FROM thetable WHERE id = '$id'"

$_GET is always passed as a string so we need to make sure that we are in fact still holding the value of $id and it is indeed an integer.

EDIT: Make sure

    $id = (int) $_GET['id'];

and then add this code into your file to check if it is or isn't an int.

    if( is_int($id)) {
        echo 'is int';
    }else{
        echo 'not int';
    }

If that still doesn't resolve any issues can you try setting $id = 1 and running the script? I really can't see what else could be the problem.

> Also as you know I was using - $theid= $_GET['id'];
> I changed it using ctype_digit as CyberRobot said to do. Let me know if you guys see an issue with it. It works but not sure if it solves the sanitizing issue.
>
>     if(ctype_digit($_GET['id'])){
>         $theid = $_GET['id'];
>     } else {
>         $theid = 0;
>     }

Just read this....it's working now? As with sanitizing the input, making id an integer should be enough in this case however more would be required if you were passing through a string.

    $string = preg_replace('/[^-a-zA-Z0-9_]/', '', $_GET['string']);

This will take anything and make sure that it only contains letters, numbers, underscores or dashes.

Edited June 10, 2014 by PoH

cyberRobot, posted June 10, 2014

> Also as you know I was using - $theid= $_GET['id'];
> I changed it using ctype_digit as CyberRobot said to do. Let me know if you guys see an issue with it. It works but not sure if it solves the sanitizing issue.
>
>     if(ctype_digit($_GET['id'])){
>         $theid = $_GET['id'];
>     } else {
>         $theid = 0;
>     }

That should work.

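The id handling discussed in this thread, as an added example that is not any poster's code: it validates the id with ctype_digit(), binds it to a prepared statement instead of interpolating it into the SQL string, and escapes database values on output. It assumes PHP with the pdo_sqlite extension so it runs without a MySQL server (with mysqli the equivalent calls are mysqli_prepare() and mysqli_stmt_bind_param()); the table rows, fetch_item() and h() are constructed for illustration.

```php
<?php
// Added example: validate the id, bind it as a parameter, escape on output.
// Table, columns and rows are constructed; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE thetable (id INTEGER PRIMARY KEY, title TEXT, details TEXT, image TEXT)');
$db->exec("INSERT INTO thetable VALUES
    (1, 'title1', 'details1', 'image1.jpg'),
    (2, 'title2 <b>bold</b>', 'details2', 'image2.jpg')");

// Returns the row for a raw request value, or null if the value is not a
// plain decimal id or no such row exists.
function fetch_item(PDO $db, $rawId): ?array
{
    // ctype_digit() accepts only non-empty strings of 0-9, so "2 OR 1=1",
    // "-1", "" and a missing parameter are rejected instead of being
    // coerced (an (int) cast would turn "2 OR 1=1" into 2).
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return null;
    }
    // The value travels separately from the SQL text; it cannot alter the query.
    $stmt = $db->prepare('SELECT id, title, details, image FROM thetable WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape database values before placing them in HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed stand-ins for $_GET['id'] on the detail page.
foreach (['1', '2', '2 OR 1=1', '', null] as $raw) {
    $row = fetch_item($db, $raw);
    if ($row === null) {
        echo var_export($raw, true), " => rejected or not found\n";
        continue;
    }
    echo var_export($raw, true), ' => ', h($row['title']), ' | <img src="', h($row['image']), "\">\n";
}
```
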
RadioMetaverse, posted June 10, 2014

I am trying to figure out the same thing and this is pretty much all going over my head.

I am able to retrieve a value from MySQL. Let's call it "$idToChange"

My question is how do I pass $idToChange to page2.php

I can pass the "newWeight" value fine because I manually enter it but the $idToChange is data fetched from the database and user should not have to manually type it in.

    <form method='post' action='page2.php'>
    Enter new weight: <input type="text" name="newWeight" />
    <input type="hidden" name="idToChange" value="$idToChange" />
    <input type='submit' onclick='page2.php'>
    </form>

I have tried many variations and getting nowhere

cyberRobot, posted June 10, 2014

@RadioMetaverse - Please don't hijack posts. If you have a question, please start your own thread. Otherwise, it becomes very difficult to tell who's answering what question.