Jump to content

PHP code to get MySQL row from URL param


Go to solution Solved by Barand,

Recommended Posts

Could someone please help me out here?

I've been using the code below in some of my WordPress pages, but I've looked at it so long ago that I honestly can't remember how to debug it - go figure... The only thing that changed was the database.

It works like this:

  1. URL has parameter called id in this form: http://example.com/post?id=...
  2. Code checks if param is present, otherwise it redirects home.
  3. If the param is present, code gets the ID and compares it to the records in the MySQL database hosted by my ISP.
  4. Match gets used in an echo statement.
  5. A div on the page is activated.

Database Layout:

+-------+------------+------------+------------+------------+---------------+
|  id   |    Naam    |  Metgesel  |   Kind1    |   Kind2    |     Email     |
+-------+------------+------------+------------+------------+---------------+
| abc12 |   Bobby    |   Caily    |      *     |     *      | b@example.com |
|  ...  |    ...     |    ...     |     ...    |    ...     |      ...      |
+-------+------------+------------+------------+------------+---------------+

ERROR ENCOUNTERED:

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/.../public_html/wp-content/plugins/insert-php-code-snippet/shortcode-handler.php(32) : eval()'d code on line 4 Invalid or no security key!

Code:

<script>
function invite(){
document.getElementById('invite').style.display=(document.getElementById('invite').style.display=='block')?'none':'block'; 
}
</script>

<script>
function returnHome(){
setTimeout(function () {window.location.href = 'http://example.com';},2000); 
}
</script>

$part = $_REQUEST['id'];

if(isset($_GET["id"])){
    $query = sprintf("SELECT * FROM `DATABASE`.`TABLE`
       WHERE idquack='$part'",
       mysql_real_escape_string($query));

    $result = mysql_query($query);
    if (!$result) {
        $message = 'Invalid or no security key!';
        die($message);
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            if ($row['Metgesel'] != "*"){
                if ($row['Metgesel'] == "#"){
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                         echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>";
                    }
                } else{
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>";
                    }
                }
            } else {
                echo '<h1>' . $row['Naam'] . "</h1>";
            }

            echo '<script>invite();</script>';
        }
    }

    mysql_free_result($result);
} else{
    echo 'Hold on tight - we're taking you to safety!';
    echo '<script>returnHome();</script>';
}

 

Both of your answers combined gave me the result, thank you! 

 

This is my final coding:

$part = $_REQUEST['id'];

if(isset($_GET["id"])){

    $conn = mysql_connect("localhost","USERNAME","PASSWORD");
    mysql_select_db("DATABASE",$conn);

    $query = sprintf("SELECT * FROM `quack`
       WHERE idquack='%s'",
       mysql_real_escape_string($part));

    $result = mysql_query($query);

    if (!$result) {
        $message = 'Invalid or no security key!';
        die($message);
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            if ($row['Metgesel'] != "*"){
                if ($row['Metgesel'] == "#"){
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                         echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>";
                    }
                } else{
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>";
                    }
                }
            } else {
                echo '<h1>' . $row['Naam'] . "</h1>";
            }

            echo '<script>invite();</script>';
        }
    }

    mysql_free_result($result);
} else{
    echo ''n Fout het voorgekom! Jammer daarvoor. Jy sal nou na die tuisblad geneem word.';
    echo '<script>returnHome();</script>';
}

Or check for $_REQUEST and use $_GET

For one you should first see if $_GET["id"] is set, also not empty before you define a variable to it.

 

$part = $_REQUEST['id'];

if(isset($_GET["id"])){

if( isset($_GET['id']) && trim($_GET['id']) != '' && ctype_alnum($_GET['id']) ) { //is this supposed to be alphanumeric? make sure it is one

$part = trim($_GET['id']);

} else {

//stop from continuing the script
die('stop right there is nothing more to do!!!');

}
Edited by QuickOldCar
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.