Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

being selective about ids 2

Status
Not open for further replies.
purcion

purcion

Programmer
Feb 14, 2005
32
AU
hi Im using this code to make list of a mysql table
=======================================================
<?php

$getnews = mysql_query("select * from tblZ_Test ORDER BY id DESC ");
while($r=mysql_fetch_array( $getnews)){
extract($r);

echo '<a href = "
}
?>
=========================================================
Ok so what i have done obviously is created a list of links each one having the title field from my table as the text. on the table there are 6 fields eg $id , $description
$name , $date ect , now how do I make it so that these coresponding fields are avaliable for use on the return.php page. Imagine this is the main page I have already made the connection to the table and made the variables avaliable.To now simply be able to echo the related fields from return.php depending on which title link I click on ,I shouldnt have to reconect to the table should I.I have some trouble getting my head around being able to be specific about which $id I can display
If some one could make a small example it would be of great help to me .
Thanks again
 
Sort by date Sort by votes
Here's what I think you're trying to accomplish:
Code: 
<?php
$q = "select title,id from tblZ_Test ORDER BY id DESC";         
$getnews = mysql_query($q) or die('Problem with query: '. $q.'<br>echo mysql_error());
while($r=mysql_fetch_assoc($getnews))
    echo '<a href = "[URL unfurl="true"]http://www.address/A/B/return.php?id='.[/URL] $r['id'] . '">' . $r['title'] . "</a><BR>\n";
?>
This code will pass the ID of the row described by the TITLE to "return.php". In return.php, get that value by using $_GET['id']. Use the id to retrieve the record and process it. If you don't want to have to re-retieve the record, you would have to pass all the fields in the URL.

Ken
 
Upvote 0 Downvote
The thing about GET parameters is that if they are clear text, anyone can go and append values to the URL and proble the content of the table. If you need not be concerned about that, then go that way.
You could also write just a little en/decryption function which makes the value appended not easily recognizable. If the unencrypted values are sequential you give the table away to probing. If you use an encyption function probing will be much harder.
 
Upvote 0 Downvote
Thanks very much thats great so if I want to display the results in returnphp I do this

return.php
====================================================
<?PHP
$id=$_GET['id'];

print("$id");

?>
=====================================================
is there a way to supress the data being shown in the url

so if I did this in the main links page

echo '<a href = " $r['id'] . ''.$r['title'].''.$r['description'].''.$r['name'].''.$r['date'].''.$r['image'].'">' . $r['title'] . "</a><BR>\n";
?>

I mean is this the right way to do what i want it seems like a lot of stuff to attatch to the url.Is there a more silent way to make the corresponding data avaliable on another page.Just wondering if is it possible to pass the data onto the page but not have it show in the url..?

return.php
is this correct way to call the data
====================================================
<?PHP
$id=$_GET['id'];
$name=$_GET['name'];
$description=$_GET['description'];
//ect
print("$id");
print("$name");
print("$description");

?>
=====================================================
Thanks
 
Upvote 0 Downvote
All you need is the ID. There is not much overhead in querying the database again with the ID on the return page.
 
Upvote 0 Downvote
yeah but thats what i dont get ,
could you be so kind as to demonstrate to me how to do this as the only value i can echo on the return page is the id using kens example.
 
Upvote 0 Downvote
On the return page:
Code: 
$sql = "SELECT * FROM tblZ_Test WHERE id = ".$_GET['id'];
$result = mysql_query($sql) OR die('Error: '.mysql_error());
$row = mysql_fetch_assoc($result);
After this you have the values in $row.
 
Upvote 0 Downvote
In the return.php file:
Code: 
<?php
$q = "select * from tblZ_Test where id='" . $_GET['id'] . "'";         
$getnews = mysql_query($q) or die('Problem with query: '. $q.'<br>echo mysql_error());
$rs = @mysql_fetch_assoc[$getnews];
echo $rs['description]; // ... or other fields

Use this as a starting point. You really should do some sanity checking on the value of $_GET['id'] before you use it.

If you don't want to do another database call in return.php, there are other ways of passing the information.
For example you can use sessions. As the first statement in each program put the line "session_start();", then in your first program:
Code: 
<?php
$q = "select * from tblZ_Test ORDER BY id DESC";         
$getnews = mysql_query($q) or die('Problem with query: '. $q.'<br>echo mysql_error());
while($r=mysql_fetch_assoc($getnews)) {
   $_SESSION['tblZ'][$getnews['id']] = $getnews;
    echo '<a href = "[URL unfurl="true"]http://www.address/A/B/return.php?id='.[/URL] $r['id'] . '">' . $r['title'] . "</a><BR>\n"; }
?>
This stores each row in a SESSION variable.

In return.php:
Code: 
<?
session_start();
$getnews = $_SESSION['tblZ'][$_GET['id']];
echo $getnews['description']; // or other fields
?>
My comment about sanity checking still applies here.

Ken
 
Upvote 0 Downvote
hey thanks fellas ,thats what i needed
I really appreciate the fact that you perservered with me all that you have suggested has helped me now to get control of this concept.
Im not sure exactly what ken means by sanity checking the value of the id .I guess i could google that phrase and it might turn something up.
anyway thanks again
 
Upvote 0 Downvote
By sanity checking, I mean that before you use it, make sure it is in the form you want. In this case all numeric. This is to make sure no one is trying to do something behind you're back. There are people out there who will find a URL that uses parameters passed on the URL and try to do nasty things with it.

For example (This happened to me). I had a PHP program that downloaded a file. At first I didn't have any sanity checking the file to be downloaded. Some hackers found the URL and tried to get the password file. The managed to get a password file, but not the one they were looking for. I immediately put error checking in.

Ken
 
Upvote 0 Downvote
Ps. When you generate menus like this, please use
Code: 
<ul>
  <li>item 1</li>
  <li>item 2</li>
</ul>
This is way better than just doing:
Code: 
item 1<br />
item 2<br />
or:
Code: 
<table>
  <tr>
    <td>
      item 2
    </td>
  </tr>
  <tr>
    <td>
      item 2
    </td>
  </tr>
</table>
Not just for loading-time, but also for web-spiders, as they can then easier identify that content as a group.

Remember: use CSS to style the list afterwards! (if you want).

If you also make your design with <div>'s and CSS, it will load faster, be better for spiders, etc.

It may not work as expected for people with Very old browsers, but hey! They should just download some newer browser :p

As long as it validates xhtml 1.0 and CSS validation, I think it's good.

Olav Alexander Mjelde
Admin & Webmaster
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BobMCT
  • Locked
  • Question
Question about executing functions?
Replies
2
Views
132
feherke
feherke
PCHomepage
  • Locked
  • Question
Image Being Overwritten
Replies
9
Views
124
PCHomepage
PCHomepage
jay8abear
  • Locked
  • Question
login script being silly, sessions?
Replies
2
Views
49
jay8abear
jay8abear
southbeach
  • Locked
  • Question
A question about text file + arrays + sorting arrays before I dive in! 1
Replies
5
Views
107
jpadie
jpadie
caffrinho
  • Locked
  • Question
Session Variables not being passed 2
Replies
15
Views
147
jpadie
jpadie

Part and Inventory Search

Sponsor

Back
Top