Jump to content

Assigning wrong session variable to link.


Go to solution Solved by Ch0cu3r,

Recommended Posts

My projects are successfully being listed by user using a while loop.  The next step is to use any of the listed project names as a link to the next page which will include information about that project that has been selected.  I'm using "ISSET"  then creating a session variable (lines 106 and 107) so I can carry that project name to the next page.  In the code below three projects are being listed as the should be.  However, when any of the three links are hit, the next page will only echo the last project in the list.  Am I missing some syntax here?

 

Thanks again guys,

CB

<?php	
	

		//Getting projects from user session variable
			$userid=$_SESSION['id'];
			
			
			
			$sql = "SELECT projects.name,projects.project_id\n"
			. "FROM hsa_users,projects,member_project\n"
			. "WHERE projects.id=member_project.project_id\n"
			. "AND member_project.user_id=$userid\n"
			. "AND hsa_users.id=$userid";
			
			$result=mysqli_query($conn,$sql);
			$row=mysqli_fetch_assoc($result);
			
			
			 $run = mysqli_query($conn, $sql);
			 $i=0;
			 
			 
			 while($row=mysqli_fetch_assoc($run))
			 {
				$projName	=$row['name'];
			 	$projNumber	= $row['project_id'];
				$i++;
				
				if(isset($_GET['name']));
				$_SESSION['project_name']=$row["name"];
			 
	?>
	
	
		<tr align="center">
				
				<td><a href="project.php"> <?php echo $projName;?></a></td>
				<td><?php echo $projNumber;?></td>
				
		</tr>		
		
		<?php
			 } //end while loop
		?>
		
		

		</table>
	</div>
					
			</div> <!--End main container-->
Edited by CloudBreaker

You dont want to use session variable for that purpose. You need to pass the project id to the next page, as a url query string parameter. Example code

<td><a href="project.php?id=<?php echo $projNumber"> <?php echo $projName;?></a></td>

In the next page you grab the probject id from the url using $_GET['id']. To get retrieve the project from the database, you apply a where clause to your query, eg SELECT * FROM projects WHERE project_id = $id.

 

Example code for project.php

<?php

// connect to db
$conn = new mysqli( ... );

// retrieve the project id from url, and make sure its a numeric value
if(isset($_GET['id']) && is_numeric($_GET['id'))
{
    // prepare query, the project id is bound as a value
    $stmt = $conn->prepare("SELECT projectId, projectName, etc.. FROM projects WHERE project_id = ?");
    // bind project id value to query
    $stmt->bind_param('i', intval($_GET['id']));

    // check the stmt did execute
    if($stmt->execute())
    {
        // fetch the result from the query
        $result = $stmt->get_result();
        // fetch the row
        if($row = $result->fetch_assoc())
        {
            // output the project details here
            echo "Project Name: " . $row['projectName'];
        }
        // no row was returned for the project id supplied, display error
        else
        {
            echo 'Project id ' . intval($_GET['id']) . ' does not exist';
        }
    }
    // statement did not execute, trigger an errror
    else
    {
        trigger_error('MySQL error, unable to fetch project: ' . $conn->error);
    }
}

For some reason the code gets grayed out after $projNumber with the example you provided.  I get this error...

 

Parse error: syntax error, unexpected '"', expecting ',' or ';' in B:\Programs\wamp\www\hsa\main.php on line 114

 

I tried this....   <td><a href="project.php?id=<?php echo $projNumber";?> <?php echo $projName;?></a></td>

but got the same error.

<tr align="center">
				
				
				<td><a href="project.php?id=<?php echo $projNumber"> <?php echo $projName;?></a></td>
				<td><?php echo $projNumber;?></td>
				
		</tr>		
		
		<?php
			 } //end while loop
		?>
		
		

		</table>
	</div>

Edited by CloudBreaker

I'm trying to get my head wrapped around what this statement you wrote up above actually does....(which is going through fine now).  Thank you very much btw.

 

You are assigning the $projNumber to the id which is passed and then retrieved by the $_GET function.  So now on the project.php page, "id" has the value of "whatever the project's name was clicked on". is this correct?

<td><a href="project.php?id=<?php echo $projNumber; ?>"> <?php echo $projName;?></a></td>

Just for clarity and hopefully to eliminate my confusion, here the project that was selected from the while loop in table form.  I'm trying to understand the logic.  I put my comments in as caps.  Thanks again.

 

id                 =3

name          =Meth_Vivarium

address       = 111 where ever

project_id    =214069

// retrieve the project id from url, and make sure its a numeric value
if(isset($_GET['id']) && is_numeric($_GET['id'))<--//(I ASSUME 214069 IS STORED IN THIS VALUE)
{
    // prepare query, the project id is bound as a value
    $stmt = $conn->prepare("SELECT projectId, projectName, etc.. FROM projects WHERE project_id = ?");<--//(NOW HERE AT THE END OF THE STATEMENT YOU PUT =?").  WOULDN'T YOU PUT "$_GET['ID']" HERE SINCE
IT'S STORING THE VALUE OF 214069 INSTEAD OF THE "QUESTION MARK"?)


    // bind project id value to query 
    $stmt->bind_param('i', intval($_GET['id']));<--(THIS IS A NEW ONE FOR ME...A LITTLE CONFUSED)

  • Solution

The line below is defining the link for each project, the project id is being passed in the query string. (Anything after the ? in a url is referred to as a query string, query strings are made up of key/value pairs, each key/value pairs are separated by an &. PHP will automatically populate the $_GET superglobal with the values in the query string)

<td><a href="project.php?id=<?php echo $projNumber; ?>"> <?php echo $projName;?></a></td>

So if our query returns two projects, lets say their project ids are 1 and 2 we'll have two links that look like this being produced

<td><a href="project.php?id=1">Project 1</a></td>
<td><a href="project.php?id=2">Project 2</a></td>

When the user clicks Project 1 link then the product id value of 1 is passed to project.php, if the user clicks the second link then the product id of 2 will be passed. $_GET['id'] is used to retrieve the value of the id being passed in the query string. 

 

It displays the projects name by querying the projects table to return the row where the project id matches $_GET['id']. To do this I am using a prepared statement, which is the correct way for using user input within queries If you are new prepared statements I recommend you read http://php.net/manual/en/mysqli.quickstart.prepared-statements.php to understand whats going on. The reason a prepared statement is used is to protect against SQL Injection.

I jumped the gun just a little bit.  Everything echoes through fine, however I got this strict standard warning that I've never seen before.   "( ! ) Strict standards: Only variables should be passed by reference in B:\Programs\wamp\www\hsa\project.php on line 81

 

It has something to do with the $_GET['id'] variable on line 81 possibly?

 

Thanks again,

CB

<?php

	// retrieve the project id from url, and make sure its a numeric value
	if(isset($_GET['id']) && is_numeric($_GET['id']))
	{
	
	// prepare query, the project id is bound as a value
   
		$stmt = $conn->prepare("SELECT project_id, name, id, address FROM projects WHERE project_id = ?");
	
	 // bind project id value to query
		$stmt->bind_param('i', intval($_GET['id']));
		
	 // check the stmt did execute
		if($stmt->execute())
		{
	
		// fetch the result from the query
        $result = $stmt->get_result();
        // fetch the row
        if($row = $result->fetch_assoc())
			{
			  // output the project details here
            echo "Project Name: " . $row['name']."<br>";
			echo "Project ADDRESS: " . $row['address']."<br>";
			echo "Project ID: " . $row['id'];
			}
		
		 // no row was returned for the project id supplied, display error
			else
			{
            echo 'Project id ' . intval($_GET['id']) . ' does not exist';
			}
		}
    // statement did not execute, trigger an error
			else
		{
        trigger_error('MySQL error, unable to fetch project: ' . $conn->error);
		}
	}

		
	
?>
$stmt->bind_param('i', intval($_GET['id']));

You need to pass an actual variable (which has an address in memory) and not a function result

$id = intval($_GET['id']);
$stmt->bind_param('i',$id);

Although the intval() is unnecessary with bound params

$stmt->bind_param('i', $_GET['id']);
Edited by Barand
  • Like 1
$stmt->bind_param('i', intval($_GET['id']));

You need to pass an actual variable (which has an address in memory) and not a function result

$id = intval($_GET['id']);
$stmt->bind_param('i',$id);

Although the intval() is unnecessary with bound params

$stmt->bind_param('i', $_GET['id']);

Well done..thanks.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.