Page 1 of 1

SQL based dynamic linking

Posted: Tue Nov 24, 2009 5:41 am
by sokko
Hello,

First of all I am aware that my title may be confusing, so please forgive me this, English is not my native language so I will try to do my best to be clear but I can't promise anything.

Second, I have been searching the Web and this forum without any results so I hope you also forgive me if this was already posted, maybe I inserted the wrong keywords.

Then, my problem :wink: :

I am creating an online store based on a mySQL database with PHP 5. Using my database, I generate a menu page store.php automatically (listing and formatting each categorie of products). By clicking on one of these links, I should now display all the products in the categories on a page product.php (also automatically generated from the database).

The code in store.php looks like this:

Code: Select all

    <?php
    $link = mysql_connect('myLocal','myName','myPassword');
    if (!$link) {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("MYDB", $link);
    $result = mysql_query("SELECT * FROM MYSTORE");
    while($row = mysql_fetch_array($result)) {
        echo "Name : <a href='product.php'>";
        echo $row['NAME'];
        echo "</a><br />Description : ";
        echo $row['DESCRIPTION'];
        echo "<br />ID : ";
        echo $row['ID'];
        echo "<br />";
    }
    mysql_close($link);
?>
My question is : how do I send the information to product.php so that product.php knows which product category the user clicked on ?

My guess is to work with $_SESSION but I have no idea how to give different values only related to the links. Maybe it's also not the right tool to use.

Any help is welcome, even if it's a RTFW with a link :wink:

Re: SQL based dynamic linking

Posted: Tue Nov 24, 2009 3:03 pm
by tr0gd0rr
You probably just need to put something in the GET string:

For example on your line 12, try

Code: Select all

echo "Name : <a href='product.php?ID=" . $row['ID'] . "'>";
So your user will then be directed to "product.php?ID=100" for example.
Then in product.php, you can read the ID from $_GET:

Code: Select all

$result = mysql_query("SELECT * FROM MYSTORE WHERE ID = " . (int) $_GET['ID']);
Casting with (int) will prevent SQL injection hacking in that simple case.

Re: SQL based dynamic linking

Posted: Tue Nov 24, 2009 9:45 pm
by sokko
Perfect. Somehow when I tried the GET, it didn't work at all so I gave up and thought it was related with a form only.

Thank you.