tags:

views:

31

answers:

4

Hi,

I have my data stored in a MySQL table, which includes an auto_increment ID number (unique) for each new row.

I'd like users to be able to get a certain ID number, using the $_GET function.

eg. User loads http://mysite.com/id.php?id=123
Page displays ID number 123 along with the row.

echo $row['id'];
echo "<table>";
echo "<tr> <th>Unit</th> <th>Message</th> <th>Date</th> </tr>";
while($row = mysql_fetch_array( $result )) {

echo "<tr><td>";
echo $row['title'];
echo "</td><td>";
echo $row['description'];
echo "</td><td>";
echo $row['pubDate'];
echo "</td></tr>";

}
echo "</table>";
echo "</center>";

I'm stuck as to where I put the $_GET bit.

Thanks :)

+2  A: 

You should append it to your query (using intval to avoid SQL injection) like this:

// use the id in your WHERE clause, convert it to an integer to avoid sql injections
$query = 'SELECT fields FROM table WHERE id = ' . intval($_GET['id']);

$result = mysql_query($query);
$row = mysql_fetch_row($result);

... do stuff with $row ...
Max
btw - intval is weird: `echo intval(array('foo', 'bar')); // 1` - what???
Dominic Rodger
@Dominic Rodger PHP is (sometimes) weird ;). Thanks for the edit!
Max
Great, thanks :) Full code if anyone ever wants it: http://codepad.org/H3l5RtrV
Dean
@Dean - you're still using `$row` before it's set (you use it on line 14, it's set on line 17).
Dominic Rodger
A: 

Firstly, your code does not make much sense, since you use $row before it was defined.

Secondly, $result isn't defined at all, and it should be, for example like this:

$id     = intval($_GET['id']);
$result = mysql_query("SELECT * FROM table WHERE id = '$id'");

And now you know how and where to use $_GET['id'].

Mewp
I only put in a snip of it, it's defined earlier.
Dean
A: 
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$query = "SELECT * FROM `Table` WHERE `id`='" . $id . "'";
$res = mysql_query ($query);
$exist = mysql_num_rows($res);
if ($exist) {
   $row = mysql_fetch_assoc($res);
   ...
}
Alexander.Plutov
`yourpage.com?id='; DELETE * FROM Table; SELECT * FROM Table WHERE id='3`
Dominic Rodger
This query will not work, because data and fields are escaped.
Alexander.Plutov
@Alexander - they are now!
Dominic Rodger
A: 

Don't waste your time doing the comparison afterwards; you'll save yourself a lot of time by adding it to the original query:

$id = intval($_GET['id']);
$query = "SELECT whatever FROM table WHERE id=$id";
Daniel Hanly
Yeah, that's what I thought. Couldn't work out how to put it in there though. Thanks for the elaboration.
Dean
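The answers above all boil down to one rule: never paste `$_GET['id']` into the SQL text; either force it to an integer (Max, Daniel) or escape and quote it (Alexander). The following is an added example, not code from any of the posters, that shows the same idea with a prepared statement so the id is bound as a parameter and never becomes part of the query string. It also covers two caveats raised in the comments: `intval()` silently turns junk (or an array, as Dominic noted) into a number, so a strict validator is used instead, and the row's fields are HTML-escaped when echoed. The `mysql_*` functions used in the thread were removed in PHP 7.0, so PDO is used; it assumes PHP 7.4+ with `pdo_sqlite` so it runs offline against a constructed in-memory table named `items` (an assumed name) with the poster's columns. Swap the DSN for a `mysql:` one to run it against the real table.

```php
<?php
// Added example, not from the original thread. Assumes PHP 7.4+ with the
// pdo_sqlite extension; the table/column names are taken from the question.
declare(strict_types=1);

/**
 * Validate the raw query-string value as a positive integer id.
 * Returns null instead of a "best effort" number: unlike intval(),
 * FILTER_VALIDATE_INT rejects '12abc', '1.5', '' and (via the guard) arrays.
 */
function parseId($raw): ?int
{
    if (!is_string($raw)) {          // $_GET['id'] can be an array: ?id[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch one row by id with a prepared statement. The id travels as a bound
 * parameter, never as part of the SQL text, so no escaping is needed.
 */
function fetchRowById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title, description, pubDate FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Render the row as the poster's table, escaping every value for HTML output. */
function renderRow(array $row): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>ID " . $h((string) $row['id']) . "</p>\n"
        . "<table>\n<tr><th>Unit</th><th>Message</th><th>Date</th></tr>\n"
        . "<tr><td>" . $h($row['title']) . "</td><td>" . $h($row['description'])
        . "</td><td>" . $h($row['pubDate']) . "</td></tr>\n</table>\n";
}

// --- constructed in-memory table standing in for the poster's MySQL data ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT, description TEXT, pubDate TEXT)');
$ins = $db->prepare('INSERT INTO items (title, description, pubDate) VALUES (?, ?, ?)');
$ins->execute(['Unit A', 'Hello <b>world</b>', '2010-05-01']);
$ins->execute(['Unit B', "O'Reilly's \"quote\" test", '2010-05-02']);

// Constructed inputs as a page would see them in $_GET['id']: the normal case,
// a non-numeric string, an out-of-range value, and the array case from the comments.
foreach (['2', '12abc', '0', ['1']] as $raw) {
    $id = parseId($raw);
    if ($id === null) {
        http_response_code(400);
        echo "Bad id\n";
        continue;
    }
    $row = fetchRowById($db, $id);
    if ($row === null) {
        http_response_code(404);
        echo "No such id $id\n";
        continue;
    }
    echo renderRow($row);
}
```

In a real page the loop collapses to a single `parseId($_GET['id'] ?? null)` call. Rejecting bad input with a 400 (rather than letting `intval()` map it to id 0) also makes probing show up clearly in the access log, and binding the parameter means the same code is safe whether the column is numeric or text.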