~ php help with $_GET["id"] ~

[singhy]

hi all

 

new to webforum and php, how can I enter $_get['id] as I know this id...my code snippet is below

 

$sql = "SELECT x,y,z  from tablename WHERE Id='" . $_GET["id"] . "'";

 

It works fine as it is getting the variable from a another webpage, but I know an id and want to enter it manually just to check a different webpage , thanks in advance....singhy

 

Please give example if the known id=xyztest

[cyberRobot]

Are you getting any errors? If not, have you checked if there are any MySQL errors? I'm not sure if you're using MySQL, MySQLi, or PDO, but they all have a function for showing errors after a query is processed. Here is the function for MySQL:

http://www.php.net/manual/en/function.mysql-error.php

[ginerjm]

Try modifying your code like this:

 

 

$my_id = "xyztest";
if (isset($_GET['id']))
{
   $id = $_GET['id'];
}
else
{
    $id = $my_id;
}
$sql = "Select x,y,z from tablename where Id='$id'";

 

This will use the $_GET value if provided, otherwise your value.  Of course you really need to add some code to secure yourself from injection by using prepared statements (mysqlI or PDO AND NOT MYSQL_* functions).  Otherwise you're just asking for a hacker to invade your data.

[singhy]

hi cyberrobot

 

thanks for the reply, I am using php and MySQL, the info given very helpful, thanks singhy

[singhy]

Hi GinerJim

 

thanks for the quick response and for the code snippet, it worked a treat, thanks for your help singhy