[ask]SELECT * FROM product WHERE id=' '???

nitediver
Forum Contributor
Posts: 109
Joined: Tue Feb 24, 2009 9:05 am

[ask]SELECT * FROM product WHERE id=' '???

Post by nitediver »

I got this page...

This is the code...
view_product.php

Code: Select all

<?
include "../conf.php";
 
$view = mysql_query("SELECT * FROM product ORDER BY id ASC");
 
echo ("
<table width=\"100%\" id=\"head\">
  <tr>
    <td width=\"\">#</td>
    <td width=\"5%\"><b>id</b></td>
    <td width=\"20%\"><b>name</b></td>
    <td width=\"25%\"><b>price</b></td>
    <td width=\"25%\"><b>manufacture</b></td>
    <td width=\"20%\"><b>size</b></td>
    <td width=\"5%\"><b>order</b></td>
  </tr>
</table>
");
while ($result = mysql_fetch_array($view))
{
echo ("
<a href=\"#\" class=\"des\">
<table width=\"100%\" id=\"list\">
  <tr id=\"field\">
    <td width=\"\"><input type=checkbox name=del[] id=del value=$result[id]></td>
    <td width=\"5%\">$result[id]</td>
    <td width=\"20%\">$result[name]</td>
    <td width=\"25%\">$result[price]</td>
    <td width=\"25%\">$result[manufac]</td>
    <td width=\"20%\">$result[size]</td>
    <td width=\"5%\"><a href=\"edit_product2.php\">Edit</a></td>
  </tr>
</table>
</a>
");
}
?>
edit_product.php

Code: Select all

<?
include "../conf.php";
 
$view = mysql_query("SELECT * FROM product WHERE id=' ' ");
 
echo ("
<pre>
Name        : $view[name]
Price       : $view[price]
Manufacture : $view[manuf]
Size        : $view[size]
</pre>
");
?>
What I want to do is,
when I click on "Edit", open the page "view_product.php",
but the ID from the page before is still carried over,
so the content of page "edit_product.php" is based on the id from the database...

As far as I know, I have to put something here...
("SELECT * FROM product WHERE id=' ' ")


but now I'm stuck,
please, I really need help,
thanks..
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by papa »

You can add it to the edit url:

Code: Select all

 
<a href=\"edit_product2.php?id=$product_id\">
 
On the next page you can get that variable using $_GET.

Code: Select all

echo $_GET['id'];
nitediver
Forum Contributor
Posts: 109
Joined: Tue Feb 24, 2009 9:05 am

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by nitediver »

Yeah, this is what I mean,
$_GET
but I've no idea how to implement it,

thanks, I'll try that...
w1n78
Forum Newbie
Posts: 12
Joined: Mon Mar 08, 2010 10:55 pm

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by w1n78 »

make sure you use

mysql_real_escape_string($_GET['id']);

so that you won't get hit with sql injection attacks
nitediver
Forum Contributor
Posts: 109
Joined: Tue Feb 24, 2009 9:05 am

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by nitediver »

@w1n78
Thanks for the advice, but where should I put that code?
Did you mean like this,

Code: Select all

 
$id = mysql_real_escape_string($_GET['id']);
 
$view = mysql_query("SELECT * FROM product WHERE id='$id' ORDER BY id DESC");
$fetch = mysql_fetch_array($view);
 
@papa
At first the code didn't work,
after some trial and error, I ended up with this,
it works, thanks for giving me the clue...

Code: Select all

 
<a href=\"view_product2.php?id=$result[id]\">Edit</a>
 
 
 

Code: Select all

 
$id = $_GET['id'];
 
$view = mysql_query("SELECT * FROM product WHERE id='$id' ORDER BY id DESC");
$fetch = mysql_fetch_array($view);
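
The two lookups in this post differ only in whether the `id` from the URL is escaped before it is placed inside the SQL string. The following is an added example, not code from any poster in this thread: it runs the string-built query next to a validated, parameter-bound one over the same constructed request values. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL `product` table (the `mysql_*` functions were removed in PHP 7), and the function names `find_concatenated` and `find_bound` are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database so it runs offline.
// Assumption: the pdo_sqlite extension is available; the thread itself uses MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price REAL, manufac TEXT, size TEXT)");
$pdo->exec("INSERT INTO product VALUES (1, 'Lamp', 19.5, 'Acme', 'M'), (2, 'Desk <b>XL</b>', 120, 'Acme', 'L')");

// Pattern from the thread: the request value is pasted into the SQL text.
function find_concatenated(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM product WHERE id='$id'")->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a parameter.
function find_bound(PDO $pdo, string $id): ?array
{
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        return null; // not a plain id: never reaches the database
    }
    $stmt = $pdo->prepare('SELECT * FROM product WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values standing in for $_GET['id'].
$inputs = ['2', "0' OR '1'='1", 'abc'];
foreach ($inputs as $raw) {
    $rows = find_concatenated($pdo, $raw);
    $row  = find_bound($pdo, $raw);
    printf("%-16s concatenated: %d row(s), bound: %s\n",
        $raw, count($rows), $row ? 'id ' . $row['id'] : 'no row');
}

// Escape on output as well: stored values are data, not markup.
$row = find_bound($pdo, '2');
echo '<pre>Name : ' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "</pre>\n";
```

For the second constructed value the string-built query returns every row in the table, while the bound version returns nothing because the value fails integer validation before any SQL is run.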
 
w1n78
Forum Newbie
Posts: 12
Joined: Mon Mar 08, 2010 10:55 pm

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by w1n78 »

you can use it this way

Code: Select all

 
$id = stripslashes($_GET['id']);
$view = mysql_query(sprintf("SELECT * FROM product WHERE id = '%d' ORDER BY id DESC",mysql_real_escape_string($id)));
 
nitediver
Forum Contributor
Posts: 109
Joined: Tue Feb 24, 2009 9:05 am

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by nitediver »

What does that code use stripslashes() for?
I tried searching, and found this...

stripslashes()
An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it's on by default), and you aren't inserting this data into a place (such as a database) that requires escaping. For example, if you're simply outputting data straight from an HTML form.
But I don't really understand, since I'm new to PHP,
would you help me by describing it in your own words,

thanks,
DaiLaughing
Forum Commoner
Posts: 76
Joined: Thu Jul 16, 2009 8:03 am

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by DaiLaughing »

Stripslashes is an outdated function I believe. mysql_real_escape is the recommended method.

As for the problem you were getting:

Code: Select all

<a href=\"view_product2.php?id=$result[id]\">Edit</a>
That suggests you have a quoting problem in the php where you create the table data. You want the contents of $result[id] but you are getting the name of the variable/array instead. I can't see from your code how you are doing this but my guess would be that you have left PHP (?>) and just typed the HTML including the variable name. If so you need to start PHP again and include the variable. Something like:

Code: Select all

<tr><td><a href="fred.php?id=$result[id]">Something or other</a></td>
Should be:

Code: Select all

<tr><td><a href="fred.php?id=<?php echo $result['id']; ?>">Something or other</a></td>
That's not my preferred way but it's easiest to explain as tired as I am! If that's not it post the code which generates your table here.
nitediver
Forum Contributor
Posts: 109
Joined: Tue Feb 24, 2009 9:05 am

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by nitediver »

@DaiLaughing
I think you misunderstood my question,
this code works, I put the HTML inside the PHP, that's why I'm using \\...

Code: Select all

 
<a href=\"view_product2.php?id=$result[id]\">Edit</a>
 
and my question is about the use of "stripslashes()"...

but thanks for caring...
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by McInfo »

The stripslashes() function removes backslashes that Magic Quotes might have added to escape certain characters in user-submitted data (through GET, POST, and cookies).

If Magic Quotes is disabled, stripslashes() will still remove backslashes -- ones that should not be removed. Therefore, you should test whether Magic Quotes is enabled (get_magic_quotes_gpc()) before stripping slashes.

Read about Magic Quotes and SQL injection in the manual.

Edit: This post was recovered from search engine cache.
Last edited by McInfo on Thu Jun 17, 2010 5:19 pm, edited 1 time in total.
DaiLaughing
Forum Commoner
Posts: 76
Joined: Thu Jul 16, 2009 8:03 am

Re: [ask]SELECT * FROM product WHERE id=' '???

Post by DaiLaughing »

Sorry, told you I was tired - I didn't see the slashes!