powellt77
PHP & Query Strings
Hi All,
I'm struggling to understand how to pull a query string into a SQL Query.
All I'm trying to run is the following:
mysite.com?id=45
but keep getting errors of:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
I think I may have completely misunderstood what I was reading!
$query = "Select * from products WHERE ID = $_SERVER['id']";
When passing params via URL it should be:
$_GET['id'];
You can check the contents of both arrays with:
echo '<pre>';
print_r($_GET);
echo '</pre>';
echo '<pre>';
print_r($_SERVER);
echo '</pre>';
I think it should be :
$query = "Select * from products WHERE ID = {$_REQUEST['id']}";
Use a function like the following to sanitise the variable.
function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
To use the function :
$query = "Select * from products WHERE ID = ". check_input($_REQUEST['id']);
http://dev.mysql.com/doc/refman/5.0/en/identifier-case-sensitivity.html
Quote :
Although database and table names are not case sensitive on some platforms, you should not refer to a given database or table using different cases within the same statement. The following statement would not work because it refers to a table both as my_table and as MY_TABLE:
Column, index, and stored routine names are not case sensitive on any platform, nor are column aliases. Trigger names are case sensitive, which differs from standard SQL.
By default, table aliases are case sensitive on Unix, but not so on Windows or Mac OS X. The following statement would not work on Unix, because it refers to the alias both as a and as A:
Unquote ..
So although the column names are not case-sensitive, it is good practice to think of being case sensitive.
ASKER
Hi Both; Thanks for your replies.
So $_GET['id'] stops the errors, but I'm just not getting anything back from it in the page I'm making!
Question Points increased to 400
<?php
// ** database connection bits **
$query = "Select * from products WHERE ID = '". $_GET['ID']."'";
$result = mysql_query($query);
?>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled</title>
</head>
<body>
<table width="859" border="1" cellspacing="5" cellpadding="0" align=center>
<tr>
<td width="73"><div align="center"><font face="Arial"><strong>ID</strong></font></div></td>
<td width="169"><div align="center"><font face="Arial"><strong>ProductType</strong></font></div></td>
<td width="190"><div align="center"><font face="Arial"><strong>ProductName</strong></font></div></td>
<td width="150"><div align="center"><font face="Arial"><strong>SmallPic</strong></font></div></td>
<td width="110"><div align="center"><font face="Arial"><strong>Price</strong></font></div></td>
<td width="118"><div align="center"><font face="Arial"><strong>Active</strong></font></div></td>
</tr>
<tr>
<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ID'] ?></font></div></td>
<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductType'] ?></font></div></td>
<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductName'] ?></font></div></td>
<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['SmallPic'] ?></font></div></td>
<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Price'] ?></font></div></td>
<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Active'] ?></font></div></td>
</tr>
</table>
</body>
</html>
you have to fetch the values first
try mysql_fetch_assoc ...
$row = mysql_fetch_assoc($result);
print_r($row);
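The lookup discussed in the answers above, as an added example that is not from the thread: the `id` value is validated as an integer, bound through a prepared statement rather than concatenated or escaped, fetched, and HTML-escaped on output. It uses PDO because the `mysql_*` functions were removed in PHP 7; the in-memory SQLite table, its sample row, and the helper names `find_product` and `render_row` are assumptions made so the code runs stand-alone.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the
// thread's MySQL `products` table (assumption, so this runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (ID INTEGER PRIMARY KEY, ProductType TEXT,
            ProductName TEXT, SmallPic TEXT, Price REAL, Active INTEGER)');
$pdo->exec("INSERT INTO products VALUES
            (45, 'Widget', 'Blue <b>Widget</b>', 'w45.jpg', 9.99, 1)");

/**
 * Look up one product by the raw `id` query-string value (hypothetical helper).
 * Returns the row as an associative array, or null when the id is missing,
 * is not a positive integer, or matches no row.
 */
function find_product(PDO $pdo, $rawId): ?array
{
    // Validate: accept only a positive integer; everything else is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bind: the value travels separately from the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM products WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // fetch the row before using it
    return $row === false ? null : $row;
}

/** Render one row as table cells, HTML-escaping every value (hypothetical helper). */
function render_row(array $row): string
{
    $cells = '';
    foreach (['ID', 'ProductType', 'ProductName', 'SmallPic', 'Price', 'Active'] as $col) {
        $cells .= '<td>' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
    }
    return "<tr>$cells</tr>\n";
}

// Constructed inputs; on a real page the value would be $_GET['id'] ?? null.
foreach (['45', '45 OR 1=1', "45'; --", null] as $input) {
    $row = find_product($pdo, $input);
    echo var_export($input, true), ' => ', $row ? render_row($row) : "rejected or not found\n";
}
```

Only the first input returns a row, and the markup stored in `ProductName` is printed as escaped text instead of being interpreted by the browser.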
ASKER
kshna,
So close! lol - So I can see the output from the print. Just need it in the table!
make the syntax of your query as follows....
Also I think... it should be $_GET['id'] or $_REQUEST['id'] .... as the id is passed in the query string....
one more thing...do sanitize the input id before using it in a query string.... use mysql_real_escape_string($