Jump to content

MySQL Query with _GET

idgeit

By idgeit
in PHP Coding Help

 Share

Recommended Posts

idgeit Newbie

idgeit

Posted
Posted

Get all, can anyone tell me what im doing wrong here?

 

$query = "SELECT products.product_dis, products.product_title, products.product_dis, products.product_id, products.product_price, products.product_pic FROM products WHERE products.product_cat = ".$_GET['id'];

 

 

in the products.product_dis would be say "tools", and I want to use the _GET to take this from the URL,

so,

 

/catview.php?id=tools

 

 

Any help would be great!

~ Idgeit

Link to comment
https://forums.phpfreaks.com/topic/43338-mysql-query-with-_get/
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

what does products.product_cat hold? You are using that column in your WHERE clause. DO you mean products.product_dis instead?

 

Also make sure you validate what is coming from _GET['id']. A malicious user could do SQL Injection attacks. Never use raw user input _POST, _GET etc in SQL queries.

Link to comment
https://forums.phpfreaks.com/topic/43338-mysql-query-with-_get/#findComment-210448
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

You sure products.product_cat holds a keyword. Could you post your table scheme for the products table here.

 

If product_cat holds a keyword then it should work. Make sure the keywords you use in the URL and the product_cat column is in the same case. Database matches are not case-insensitive. Type your keywords in lowercase to be on the safe side.

Link to comment
https://forums.phpfreaks.com/topic/43338-mysql-query-with-_get/#findComment-210530
Share on other sites
per1os Member

per1os

Posted
Posted 

if (isset($_GET['id']) && !is_numeric($_GET['id'])) 
     $catID = "'" . mysql_real_esacpe_string($_GET['id']) . "'"; // put string in single quotes
else
     $catID = mysql_real_esacpe_string($_GET['id']);

$query = "SELECT products.product_dis, products.product_title, products.product_dis, products.product_id, products.product_price, products.product_pic FROM products WHERE products.product_cat = ".$catID;

 

Maybe that will work?

Link to comment
https://forums.phpfreaks.com/topic/43338-mysql-query-with-_get/#findComment-210533
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.