powellt77

PHP & Query Strings

Hi All,

I'm struggling to understand how to pull a query string into a SQL Query.

All I'm trying to run is the following:

mysite.com?id=45

but keep getting errors of:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I think I may have completely misunderstood what I was reading!
$query = "Select * from products WHERE ID = $_SERVER['id']";


PHP


8/22/2022 - Mon
Sandeep Kothari


make the syntax of your query as follows....

$query = "Select * from products WHERE ID ='". $_SERVER['id']."'";



Also I think... it should be $_GET['id'] or $_REQUEST['id'] .... as the id is passed in the query string....

one more thing...do sanitize the input id before using it in a query string.... use mysql_real_escape_string($id) where $id = $_REQUEST['id'] or whatever the value of id is ...


sonetinc

When passing params via URL it should be:

$_GET['id'];


You can check the contents of both arrays with:

  echo '<pre>';
  print_r($_GET);
  echo '</pre>';

  echo '<pre>';
  print_r($_SERVER);
  echo '</pre>';

maeltar

I think it should be :

      
// Braces are required around a quoted array key inside a double-quoted string
$query = "Select * from products WHERE ID = {$_REQUEST['id']}";

Use a function like the following to sanitise the variable.

function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}



To use the function :

$query = "Select * from products WHERE ID = ". check_input($_REQUEST['id']);




http://dev.mysql.com/doc/refman/5.0/en/identifier-case-sensitivity.html

Quote :

Although database and table names are not case sensitive on some platforms, you should not refer to a given database or table using different cases within the same statement. The following statement would not work because it refers to a table both as my_table and as MY_TABLE:

Column, index, and stored routine names are not case sensitive on any platform, nor are column aliases. Trigger names are case sensitive, which differs from standard SQL.

By default, table aliases are case sensitive on Unix, but not so on Windows or Mac OS X. The following statement would not work on Unix, because it refers to the alias both as a and as A:

Unquote ..

So although the column names are not case-sensitive, it is good practice to think of them as being case-sensitive.
powellt77

ASKER
Hi Both; Thanks for your replies.

So $_GET['id'] stops the errors, but I'm just not getting anything back from it in the page I'm making!

<?php

**database connection bits **

$query = "Select * from products WHERE ID = '". $_GET['ID']."'";

$result = mysql_query($query);

?>

<html>

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled</title>
</head>

<body>

<table width="859" border="1" cellspacing="5" cellpadding="0" align=center>
<tr>
  	<td width="73"><div align="center"><font face="Arial"><strong>ID</strong></font></div></td>
	<td width="169"><div align="center"><font face="Arial"><strong>ProductType</strong></font></div></td>
    <td width="190"><div align="center"><font face="Arial"><strong>ProductName</strong></font></div></td>
    <td width="150"><div align="center"><font face="Arial"><strong>SmallPic</strong></font></div></td>
    <td width="110"><div align="center"><font face="Arial"><strong>Price</strong></font></div></td>
    <td width="118"><div align="center"><font face="Arial"><strong>Active</strong></font></div></td>
  </tr>
<tr>
	<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ID'] ?></font></div></td>
	<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductType'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductName'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['SmallPic'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Price'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Active'] ?></font></div></td>
  </tr>
</table>

</body>
</html>


Sandeep Kothari

you have to fetch the values first


try mysql_fetch_assoc ...

$row = mysql_fetch_assoc($result);

print_r($row);



powellt77

ASKER
kshna,

So close! lol - So I can see the output from the print. Just need it in the table!
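
The flow this thread works towards (read the id from the query string, look the row up, print it in the table), as an added example that is not code from any of the posters. It binds the id as a query parameter instead of concatenating it and escapes each value on output. It assumes PHP 7.1+ with PDO and pdo_sqlite; `find_product` and `render_row` are hypothetical names, and the in-memory database, its row and the request values are constructed so the script runs offline.

```php
<?php
// Added example, not from the thread. Table and column names follow the asker's page.

function find_product(PDO $pdo, $rawId): ?array
{
    // Accept only a plain positive integer; is_numeric() would also pass "1e3".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT ID, ProductType, ProductName, Price FROM products WHERE ID = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // one row as an associative array
    return $row === false ? null : $row;
}

function render_row(?array $row): string
{
    if ($row === null) {
        return "<tr><td colspan=\"4\">No such product</td></tr>\n";
    }
    $cells = '';
    foreach ($row as $value) {
        // Escape on output so stored data cannot inject markup into the page.
        $cells .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    return "<tr>$cells</tr>\n";
}

// Constructed sample data; with MySQL you would connect with a mysql: DSN instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products
            (ID INTEGER PRIMARY KEY, ProductType TEXT, ProductName TEXT, Price REAL)');
$pdo->exec("INSERT INTO products VALUES (45, 'Widget', 'Blue <b>Widget</b>', 9.99)");

// Constructed request values standing in for $_GET['id'].
foreach (['45', '45 OR 1=1', "45'; --", '1e3', null] as $raw) {
    echo var_export($raw, true), ' => ', render_row(find_product($pdo, $raw));
}
```

Only the first value returns the product row, with the `<b>` in the stored name printed as text; the other four are rejected before any SQL runs.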