[SOLVED] Need help regarding algorithm and PHP code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Bbob
Forum Commoner
Posts: 57
Joined: Sat Aug 07, 2010 4:46 am

[SOLVED] Need help regarding algorithm and PHP code

Post by Bbob »

Hi

I need help in regards to some algorithms & its PHP code.


Problem 1: Get a value from the database then display it as a link

Basically, I want to withdraw a value from the database then display it in the website as link.

I know how to get the value from the database but I have no idea on how to convert it into a link - is it possible?


Problem 2: Can you name or add an attribute to a link?

I need to let PHP know that I clicked the link, then withdraw a certain attribute / name of the link.

No idea how to do this.


Problem 3: Is it possible to pass a variable from one page to another?

First Page get variables then pass to second page then pass to third page

Im thinking of session is that correct? If so, how will I be able to pass multiple variables from a page to another?
Last edited by Bbob on Fri Aug 13, 2010 7:26 am, edited 1 time in total.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Need help regarding algorithm and PHP code

Post by pickle »

#1) If you have the value as a string, simply output some HTML and include that string in the <a> tag somewhere

#2) The "name" attribute, or some other attribute is not passed to PHP. So if you have a tag:

Code: Select all

<a href = "somepage.php" title = "This is the title">Link</a>
, the "title" attribute will not be passed. The only way to pass information is...

#3)Through the URL. If you change your link to

Code: Select all

<a href = "somepage.php?title=This is the link">Link</a>
, then the "title" value will be passed in $_GET['title'].

If you don't want to pass everything in the URL, then yes - sessions are probably the easiest way to do it. Once you call session_start(), you can treat $_SESSION[] as a super global array you can write to. For example:

Code: Select all

session_start();
$_SESSION['title'] = 'This is the link';
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Bbob
Forum Commoner
Posts: 57
Joined: Sat Aug 07, 2010 4:46 am

Re: Need help regarding algorithm and PHP code

Post by Bbob »

Hi,

Thanks for the reply.



Is it possible to insert a MySQL query in the ?title?

Ex.

page.php?title='SELECT name FROM table'
shawngoldw
Forum Contributor
Posts: 212
Joined: Mon Apr 05, 2010 3:38 pm

Re: Need help regarding algorithm and PHP code

Post by shawngoldw »

yes you can, but DO NOT DO IT. Look up mysql injection. If you do that then I can type in my browser page.php?title='DELETE * FROM table' and your database will be gone. This is a MAJOR security flaw. mysql injection is a pretty deep topic, but this is basically what you should do:

page.php?page=name

Code: Select all

$page = $_POST["page"];
$sql = "SELECT `name` FROM `table` WHERE `page` = '" . mysql_real_escape_string($page) . "'";
The key things here are:
1. Escape the input with mysql_real_escape_string
2. enclose the name in single quotes
3. backticks around field and table names

You can and should also validate input before you build that sql query. This means make sure that page only contains letters or numbers or whatever it is that you expect it to be, but does not contain quotes or slashes, or other characters that you would not expect. In addition, and highly effectively you should check the value in page against a white list of acceptable values, eg. home, login, product, contact, etc.

Bottom line, NEVER accept a mysql statement in the query. Use values in the query in mysql but you MUST properly validate and escape them.

Shawn
Bbob
Forum Commoner
Posts: 57
Joined: Sat Aug 07, 2010 4:46 am

Re: Need help regarding algorithm and PHP code

Post by Bbob »

Hi

Thank you all for the replies.

I need one last help regarding about my questions. Im still having a hard time trying to do what Im thinking of.

Here's what Im trying to do

1: I have a customerinfo table that has a lot of customer data.
2: Each row inside the table has a url column named detailedcustomer.php

This is what it looks like

customerid | customername | contactperson | contactaddress | url
1 | customer1 | contact1 | address1 | detailedcustomer.php
2 | customer2 | contact2 | address2 | detailedcustomer.php
3 | customer3 | contact3 | address3 | detailedcustomer.php


3: When I display the customername in "customerlist.php" I want it to be displayed as a link - I figured this out thanks guys <tr><a href=""> customer1 </a></tr>
4: When the customername is clicked I want it to redirect to "customerdetail.php" - <tr><a href="customerdetail"> customer1 </a></tr>
5: When it redirects to the "customerdetail.php", I want to be able to take the label the link was assigned to. Ex. in 3 the label was customer1
6: I need to be able to take that value so I can use the label in a MySQL query to compare the customername clicked and the customername in the database to be able to retrieve the contactperson, contactadress and display it in detailcustomer.php


I know I can just create a webpage for each customer but my problem there is what if a new customer registers or what if there are a hundred of customers.

The part Im having problem is in parts 5 and 6 - Please help me in this...Ive been thinking about this for 3 days now and I still cant get a clear idea on how to it.

But if you have another easy way to do what Im trying to do, feel free to post it.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Need help regarding algorithm and PHP code

Post by AbraCadaver »

In brief:

Code: Select all

<a href="customerdetail.php?id=3">customer3</a>
detailedcustomer.php

Code: Select all

if(!isset($_GET['id'])) { die("No customer selected"); }
$id = (int)$_GET['id'];
//SELECT * from customerinfo WHERE customerid=$id
//echo out the details
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Bbob
Forum Commoner
Posts: 57
Joined: Sat Aug 07, 2010 4:46 am

Re: Need help regarding algorithm and PHP code

Post by Bbob »

Hi

Thank you for the replies, I already got it from another source.

The code is long but if you want me to post just so say.




Thank you guys for bearing with me on this!
Post Reply