Display selected record that has been passed to URL

Re: Display selected record that has been passed to URL

Ren:

I'm not sure what you're looking for. Basically, your newpage.php will
use code similar to what you must have used on the first page you
describe - the one that lists the records. You will get your primary
key by looking at $_GET["recordID"] and assigning it to a variable
(like $id). Of course you will want to validate this value and make
sure it is an integer and nothing else (search for sql injection
attacks to see why).

Then, you will execute a select against your table like (SELECT * FROM
table WHERE recordID = $id) using the passed recordID. Use the
appropriate functions/syntax (these will differ if you are using PEAR
DB or native php functions, and depending on how you want to display
the data) to navigate through your result set and write out the data as
html.

HTH,
Josh

Re: Display selected record that has been passed to URL

Thanks for the quick reply.

It sounds easy from what you have stated but I still can't seem to get it to
work.

I think it may be something to do with my select statement. Here is a
sample of the code.

$RID = $_GET['recordID'];

$query = "SELECT * FROM dvd WHERE id = '$RID'";
$result = mysql_query($qu ery);
print ("$result[title]");

Just to let you know that the table is called 'dvd' and 'id' and 'title' are
column names in my table.

I am just trying to display the 'title' of the selected record.

Thanks
Slack

Re: Display selected record that has been passed to URL


Ren wrote:[color=blue]
> Thanks for the quick reply.
>
> It sounds easy from what you have stated but I still can't seem to get it to
> work.
>
> I think it may be something to do with my select statement. Here is a
> sample of the code.
>
> $RID = $_GET['recordID'];
>
> $query = "SELECT * FROM dvd WHERE id = '$RID'";
> $result = mysql_query($qu ery);
> print ("$result[title]");
>
> Just to let you know that the table is called 'dvd' and 'id' and 'title' are
> column names in my table.
>
> I am just trying to display the 'title' of the selected record.
>
> Thanks
> Slack[/color]

..........try this (change hostname, username, password, database_name
accordingly).

$RID = $_GET['recordID'];
$query = " SELECT * FROM dvd WHERE id = '$RID' ";

$dbcnx = @mysql_connect( "localhost" , "username", "password") ;
or die(mysql_error ());

if (!@mysql_select _db("database_n ame", $dbcnx)) die(mysql_error ());

if (!($result = @mysql_query($q uery, $dbcnx)) ) die(mysql_error ());

while($row = @mysql_fetch_ro w($result))
{
echo $row['title'];
echo "<br>";
}

if(!(mysql_clos e($dbcnx))) die(mysql_error ());


HTH,
Hemanth

Re: Display selected record that has been passed to URL

Ren, I have written up an article on SQL Injections that you might want
to look at, too. A SQL Injection is caused when an end-user modifies
your input value and adds their own SQL to it (which could result in a
deleted DB table or worse). For this particular example you could do
something simple like

if(!is_numeric( $RID))
{
die("Invalid Input");
}

More information is here:

Re: Display selected record that has been passed to URL

Thanks Adam for the link.