Jump to content

Recommended Posts

I'm using PHP and MySQL to display images on the first page. 

 

When the image is clicked on I'm passing an ID to a new page.

 

I want that ID to display the ID data that's associated with  that ID. 

 

For example: 

 

ID 1 should display - Title - title1,  Details - details1, image - image1 

 

and ID 2

 

ID 1 should dislay - Title - title2,  Details - details2, image - image2

 

But only displaying ID 1 data not matter if the URL is - website.com/thedetials.php?id=1  or  website.com/thedetials.php?id=2

 

In other words, it displays the same data even though the id in the URL is different. 

 

 

 

Page 1

$sql="SELECT * FROM thetable";
	  
$result = mysqli_query($con,$sql);
  
 echo " <ul>";
	
  while($row = mysqli_fetch_array($result) {
  echo "<li'>";

  echo "<a href='page2.php?id=$row[id]'><img src=$row[image]></a>";
	                                          
  echo "</li>";
    
 }
  
  echo "</ul>";  
           
 ?> 
     
     

<?php
// End while loop.


mysqli_close($con);

?>

Page 2

$id = $_GET['id']; 

$sql="SELECT id, title, details, image, FROM thetable";
	  
$result = mysqli_query($con,$sql);


$row = mysqli_fetch_array($result);
?>


   <?php echo $row['title'] ?> 
   <?php echo $row['details'] ?>
   <img class='projectItem-pic' src="<?php echo $row['image']?>">





If I use below - No data displays, not sure why.

$sql="SELECT * FROM thetable WHERE id = $id";  

Can someone tell me what I'm doing wrong? 

Edited by patmon
Link to comment
https://forums.phpfreaks.com/topic/289071-passing-an-id-data-to-new-page/
Share on other sites

First of all, you're not sanitizing $_GET['id'] which is bad practice.

 

Because you haven't shown us all the code this is what I'm assuming:

Page 2 works but when you change your query to "SELECT * FROM thetable WHERE id = $id" it fails?

 

Could be because $id has not been passed as an integer? $id = (int)$_GET['id']

 

If still no luck try replacing $id straight with an id that's in the database like: "SELECT * FROM thetable WHERE id = 1"

PoH , Yes page 2 is connecting to the db but when I change to SELECT * nothing displays. And when I change it back to the page 2 example above - SELECT id, title, details it displays id 1 data for both id 1 and id 2. An yes the data is different.

 

Can you give me an example of sanitizing? I see many examples but no uniform good way to do it.

 

I'll try your examples after work. Thanks

Can you give me an example of sanitizing? I see many examples but no uniform good way to do it.

 

Since you're expecting the ID to be a number, you can make sure it is with ctype_digit():

http://www.php.net/ctype-digit

 

 

 

CyberRobot, I am doing error checking in the connection code but I see a few things I can try from the url you provided. Thanks

 

I wish they would update the documentation to include examples which don't involve connecting to the database. The error-checking function can be used after running any query. When debugging queries, you could try the following:

$result = mysqli_query($con,$sql) or die(mysqli_error($con));

PoH, 

 

I used $id = (int)$_GET['id'] but didn't change anything... still getting id=1 and id=2 but id=2 is still displaying the same content as id=1.  

 

I tried sql="SELECT * FROM thetable WHERE id = 2" and this worked.  What I mean by that is id=2 showed id=2 content.  But of course id=1 displayed id=2 content but that was to be expected. 

 

So what does this tell us? 

Well I tried $sql="SELECT * FROM thetable WHERE id = $theid" and since I added $result = mysqli_query($con,$sql) or die(mysqli_error($con)); it showed me an error...  It said "Unknown column 'id' in 'where clause'"  I thought "Mr Stupid" here  id was saying the id is an indicator saying it's the id and = $id was the id column name.. if that makes sense.    Sorry guys not a PHP guy here.  So that told me that the column was wrong so I change it to the column name and it worked.    Thank you to the both of you.  You  guys helped a lot. 

Also as you know I was using  -  $theid= $_GET['id'];

 

I changed it using ctype_digit as CyberRobot said to do.   Let me know if you guys see an issue with it.  It works but not sure if it solves the sanitizing issue. 

if(ctype_digit($_GET['id'])){
$theid = $_GET['id'];
}  else  {
$theid = 0;
}
 

PoH, 

 

I used $id = (int)$_GET['id'] but didn't change anything... still getting id=1 and id=2 but id=2 is still displaying the same content as id=1.  

 

I tried sql="SELECT * FROM thetable WHERE id = 2" and this worked.  What I mean by that is id=2 showed id=2 content.  But of course id=1 displayed id=2 content but that was to be expected. 

 

So what does this tell us? 

So it works when you directly put the integer in but not when you're using the variable? Try:

sql="SELECT * FROM thetable WHERE id = '$id'"

$_GET is always passed as a string so we need to make sure that we are infact still holding the value of $id and it is indeed an integer.

 

EDIT:

 

Make sure $id = (int) $_GET['id']; and then add this code into your file to check if it is or isn't an int.

if( is_int($id)) {
    echo 'is int';
}else{
    echo 'not int';
}

if that still doesn't resolve any issues can you try setting $id = 1 and running the script? I really can't see whatelse could be the problem.

 

 

 

Also as you know I was using  -  $theid= $_GET['id'];

 

I changed it using ctype_digit as CyberRobot said to do.   Let me know if you guys see an issue with it.  It works but not sure if it solves the sanitizing issue. 

 

if(ctype_digit($_GET['id'])){

$theid = $_GET['id'];

}  else  {

$theid = 0;

}

 

 

Just read this....it's working now?

 

As with sanitizing the input, making id an integer should be enough in this case however more would be required if you were passing through a string.

$string = preg_replace('/[^-a-zA-Z0-9_]/', '', $_GET['string']);

This will take anything and make sure that it only contains letters, numbers, underscores or dashes.

Edited by PoH

Also as you know I was using  -  $theid= $_GET['id'];

 

I changed it using ctype_digit as CyberRobot said to do.   Let me know if you guys see an issue with it.  It works but not sure if it solves the sanitizing issue. 

 

if(ctype_digit($_GET['id'])){

$theid = $_GET['id'];

}  else  {

$theid = 0;

}

 

That should work.

I am trying to figure out the same thing and this is pretty much all going over my head :(

 

I am able to retrieve a value from MySQL.  Lets call it "$idToChange"

 

My question is how to I pass $idToChange to page2.php

 

I can pass the "newWeight" value fine because I manually enter it but the $idToChange is data fetch from the database and user should not have to manually type it in.

 

 

<form method='post' action='page2.php'>

 
Enter new weight: <input type="text" name="newWeight" /> 
<input type="hidden" name="idToChange" value="$idToChange" />
<input type='submit' onclick='page2.php'>
 
</form>
 
I have tried many variations and getting no where :(

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.