Hi
I need help in regards to some algorithms & its PHP code.
Problem 1: Get a value from the database then display it as a link
Basically, I want to withdraw a value from the database then display it in the website as link.
I know how to get the value from the database but I have no idea on how to convert it into a link - is it possible?
Problem 2: Can you name or add an attribute to a link?
I need to let PHP know that I clicked the link, then withdraw a certain attribute / name of the link.
No idea how to do this.
Problem 3: Is it possible to pass a variable from one page to another?
First Page get variables then pass to second page then pass to third page
Im thinking of session is that correct? If so, how will I be able to pass multiple variables from a page to another?
[SOLVED] Need help regarding algorithm and PHP code
Moderator: General Moderators
[SOLVED] Need help regarding algorithm and PHP code
Last edited by Bbob on Fri Aug 13, 2010 7:26 am, edited 1 time in total.
Re: Need help regarding algorithm and PHP code
#1) If you have the value as a string, simply output some HTML and include that string in the <a> tag somewhere
#2) The "name" attribute, or some other attribute is not passed to PHP. So if you have a tag:, the "title" attribute will not be passed. The only way to pass information is...
#3)Through the URL. If you change your link to, then the "title" value will be passed in $_GET['title'].
If you don't want to pass everything in the URL, then yes - sessions are probably the easiest way to do it. Once you call session_start(), you can treat $_SESSION[] as a super global array you can write to. For example:
#2) The "name" attribute, or some other attribute is not passed to PHP. So if you have a tag:
Code: Select all
<a href = "somepage.php" title = "This is the title">Link</a>#3)Through the URL. If you change your link to
Code: Select all
<a href = "somepage.php?title=This is the link">Link</a>If you don't want to pass everything in the URL, then yes - sessions are probably the easiest way to do it. Once you call session_start(), you can treat $_SESSION[] as a super global array you can write to. For example:
Code: Select all
session_start();
$_SESSION['title'] = 'This is the link';Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: Need help regarding algorithm and PHP code
Hi,
Thanks for the reply.
Is it possible to insert a MySQL query in the ?title?
Ex.
page.php?title='SELECT name FROM table'
Thanks for the reply.
Is it possible to insert a MySQL query in the ?title?
Ex.
page.php?title='SELECT name FROM table'
-
shawngoldw
- Forum Contributor
- Posts: 212
- Joined: Mon Apr 05, 2010 3:38 pm
Re: Need help regarding algorithm and PHP code
yes you can, but DO NOT DO IT. Look up mysql injection. If you do that then I can type in my browser page.php?title='DELETE * FROM table' and your database will be gone. This is a MAJOR security flaw. mysql injection is a pretty deep topic, but this is basically what you should do:
page.php?page=name
The key things here are:
1. Escape the input with mysql_real_escape_string
2. enclose the name in single quotes
3. backticks around field and table names
You can and should also validate input before you build that sql query. This means make sure that page only contains letters or numbers or whatever it is that you expect it to be, but does not contain quotes or slashes, or other characters that you would not expect. In addition, and highly effectively you should check the value in page against a white list of acceptable values, eg. home, login, product, contact, etc.
Bottom line, NEVER accept a mysql statement in the query. Use values in the query in mysql but you MUST properly validate and escape them.
Shawn
page.php?page=name
Code: Select all
$page = $_POST["page"];
$sql = "SELECT `name` FROM `table` WHERE `page` = '" . mysql_real_escape_string($page) . "'";
1. Escape the input with mysql_real_escape_string
2. enclose the name in single quotes
3. backticks around field and table names
You can and should also validate input before you build that sql query. This means make sure that page only contains letters or numbers or whatever it is that you expect it to be, but does not contain quotes or slashes, or other characters that you would not expect. In addition, and highly effectively you should check the value in page against a white list of acceptable values, eg. home, login, product, contact, etc.
Bottom line, NEVER accept a mysql statement in the query. Use values in the query in mysql but you MUST properly validate and escape them.
Shawn
Re: Need help regarding algorithm and PHP code
Hi
Thank you all for the replies.
I need one last help regarding about my questions. Im still having a hard time trying to do what Im thinking of.
Here's what Im trying to do
1: I have a customerinfo table that has a lot of customer data.
2: Each row inside the table has a url column named detailedcustomer.php
This is what it looks like
customerid | customername | contactperson | contactaddress | url
1 | customer1 | contact1 | address1 | detailedcustomer.php
2 | customer2 | contact2 | address2 | detailedcustomer.php
3 | customer3 | contact3 | address3 | detailedcustomer.php
3: When I display the customername in "customerlist.php" I want it to be displayed as a link - I figured this out thanks guys <tr><a href=""> customer1 </a></tr>
4: When the customername is clicked I want it to redirect to "customerdetail.php" - <tr><a href="customerdetail"> customer1 </a></tr>
5: When it redirects to the "customerdetail.php", I want to be able to take the label the link was assigned to. Ex. in 3 the label was customer1
6: I need to be able to take that value so I can use the label in a MySQL query to compare the customername clicked and the customername in the database to be able to retrieve the contactperson, contactadress and display it in detailcustomer.php
I know I can just create a webpage for each customer but my problem there is what if a new customer registers or what if there are a hundred of customers.
The part Im having problem is in parts 5 and 6 - Please help me in this...Ive been thinking about this for 3 days now and I still cant get a clear idea on how to it.
But if you have another easy way to do what Im trying to do, feel free to post it.
Thank you all for the replies.
I need one last help regarding about my questions. Im still having a hard time trying to do what Im thinking of.
Here's what Im trying to do
1: I have a customerinfo table that has a lot of customer data.
2: Each row inside the table has a url column named detailedcustomer.php
This is what it looks like
customerid | customername | contactperson | contactaddress | url
1 | customer1 | contact1 | address1 | detailedcustomer.php
2 | customer2 | contact2 | address2 | detailedcustomer.php
3 | customer3 | contact3 | address3 | detailedcustomer.php
3: When I display the customername in "customerlist.php" I want it to be displayed as a link - I figured this out thanks guys <tr><a href=""> customer1 </a></tr>
4: When the customername is clicked I want it to redirect to "customerdetail.php" - <tr><a href="customerdetail"> customer1 </a></tr>
5: When it redirects to the "customerdetail.php", I want to be able to take the label the link was assigned to. Ex. in 3 the label was customer1
6: I need to be able to take that value so I can use the label in a MySQL query to compare the customername clicked and the customername in the database to be able to retrieve the contactperson, contactadress and display it in detailcustomer.php
I know I can just create a webpage for each customer but my problem there is what if a new customer registers or what if there are a hundred of customers.
The part Im having problem is in parts 5 and 6 - Please help me in this...Ive been thinking about this for 3 days now and I still cant get a clear idea on how to it.
But if you have another easy way to do what Im trying to do, feel free to post it.
- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
- Contact:
Re: Need help regarding algorithm and PHP code
In brief:
detailedcustomer.php
Code: Select all
<a href="customerdetail.php?id=3">customer3</a>Code: Select all
if(!isset($_GET['id'])) { die("No customer selected"); }
$id = (int)$_GET['id'];
//SELECT * from customerinfo WHERE customerid=$id
//echo out the detailsmysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Re: Need help regarding algorithm and PHP code
Hi
Thank you for the replies, I already got it from another source.
The code is long but if you want me to post just so say.
Thank you guys for bearing with me on this!
Thank you for the replies, I already got it from another source.
The code is long but if you want me to post just so say.
Thank you guys for bearing with me on this!