
[SOLVED] Need help regarding algorithm and PHP code

Posted: Mon Aug 09, 2010 9:10 am
by Bbob
Hi

I need help with some algorithms and their PHP code.


Problem 1: Get a value from the database then display it as a link

Basically, I want to withdraw a value from the database then display it in the website as link.

I know how to get the value from the database but I have no idea on how to convert it into a link - is it possible?


Problem 2: Can you name or add an attribute to a link?

I need to let PHP know that I clicked the link, then withdraw a certain attribute / name of the link.

No idea how to do this.


Problem 3: Is it possible to pass a variable from one page to another?

First Page get variables then pass to second page then pass to third page

I'm thinking of sessions; is that correct? If so, how will I be able to pass multiple variables from one page to another?

Re: Need help regarding algorithm and PHP code

Posted: Mon Aug 09, 2010 9:57 am
by pickle
#1) If you have the value as a string, simply output some HTML and include that string in the <a> tag somewhere

#2) The "name" attribute, or some other attribute is not passed to PHP. So if you have a tag:

Code:

<a href = "somepage.php" title = "This is the title">Link</a>
, the "title" attribute will not be passed. The only way to pass information is...

#3) Through the URL. If you change your link to

Code:

<a href = "somepage.php?title=This is the link">Link</a>
, then the "title" value will be passed in $_GET['title'].

If you don't want to pass everything in the URL, then yes - sessions are probably the easiest way to do it. Once you call session_start(), you can treat $_SESSION[] as a super global array you can write to. For example:

Code:

session_start();
$_SESSION['title'] = 'This is the link';

Re: Need help regarding algorithm and PHP code

Posted: Tue Aug 10, 2010 3:17 am
by Bbob
Hi,

Thanks for the reply.



Is it possible to insert a MySQL query in the ?title?

Ex.

page.php?title='SELECT name FROM table'

Re: Need help regarding algorithm and PHP code

Posted: Tue Aug 10, 2010 7:10 am
by shawngoldw
Yes, you can, but DO NOT DO IT. Look up mysql injection. If you do that then I can type in my browser page.php?title='DELETE * FROM table' and your database will be gone. This is a MAJOR security flaw. mysql injection is a pretty deep topic, but this is basically what you should do:

page.php?page=name

Code:

// page.php?page=name sends the value in the query string, so it arrives in $_GET, not $_POST
$page = $_GET["page"];
$sql = "SELECT `name` FROM `table` WHERE `page` = '" . mysql_real_escape_string($page) . "'";
The key things here are:
1. Escape the input with mysql_real_escape_string
2. Enclose the name in single quotes
3. Use backticks around field and table names

You can and should also validate input before you build that sql query. This means make sure that page only contains letters or numbers or whatever it is that you expect it to be, but does not contain quotes or slashes, or other characters that you would not expect. In addition, and highly effective, you should check the value in page against a white list of acceptable values, e.g. home, login, product, contact, etc.

Bottom line, NEVER accept a mysql statement in the query. Use values in the query in mysql but you MUST properly validate and escape them.

Shawn
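
An added example, not part of shawngoldw's post: the same validate-then-query idea written with a PDO prepared statement, because the mysql_* functions, including mysql_real_escape_string, were removed in PHP 7. It assumes PDO with the SQLite driver; the `pages` table, its rows, the allowlist and the function name are constructed for the example.

```php
<?php
// Added example: allowlist validation plus a parameterized query.
// Assumptions: PDO with the SQLite driver; table and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (page TEXT PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO pages VALUES ('home', 'Home'), ('login', 'Log in'), ('contact', 'Contact us')");

// Only these values are ever accepted from the URL (hypothetical list).
const ALLOWED_PAGES = ['home', 'login', 'product', 'contact'];

// Returns the page name for a ?page= value, or null if it is rejected or has no row.
function lookupPageName(PDO $db, $raw): ?string
{
    // Reject arrays (?page[]=x) and anything that is not a short alphanumeric token.
    if (!is_string($raw) || !preg_match('/\A[a-z0-9]{1,32}\z/', $raw)) {
        return null;
    }
    // Strict comparison against the allowlist.
    if (!in_array($raw, ALLOWED_PAGES, true)) {
        return null;
    }
    // The value is bound as data; it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT name FROM pages WHERE page = :page');
    $stmt->execute([':page' => $raw]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed inputs: a valid value, the two statements quoted in the thread,
// an allowed value with no row, and an array in place of a string.
$samples = ['contact', "'SELECT name FROM table'", "'DELETE * FROM table'", 'product', ['x']];
foreach ($samples as $input) {
    $result = lookupPageName($db, $input);
    printf("%-28s => %s\n", json_encode($input), $result === null ? 'rejected / not found' : $result);
}
```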

Re: Need help regarding algorithm and PHP code

Posted: Thu Aug 12, 2010 10:13 am
by Bbob
Hi

Thank you all for the replies.

I need one last bit of help regarding my questions. I'm still having a hard time trying to do what I'm thinking of.

Here's what I'm trying to do:

1: I have a customerinfo table that has a lot of customer data.
2: Each row inside the table has a url column named detailedcustomer.php

This is what it looks like

customerid | customername | contactperson | contactaddress | url
1 | customer1 | contact1 | address1 | detailedcustomer.php
2 | customer2 | contact2 | address2 | detailedcustomer.php
3 | customer3 | contact3 | address3 | detailedcustomer.php


3: When I display the customername in "customerlist.php" I want it to be displayed as a link - I figured this out thanks guys <tr><a href=""> customer1 </a></tr>
4: When the customername is clicked I want it to redirect to "customerdetail.php" - <tr><a href="customerdetail"> customer1 </a></tr>
5: When it redirects to the "customerdetail.php", I want to be able to take the label the link was assigned to. Ex. in 3 the label was customer1
6: I need to be able to take that value so I can use the label in a MySQL query to compare the customername clicked and the customername in the database to be able to retrieve the contactperson, contactaddress and display it in detailcustomer.php


I know I can just create a webpage for each customer, but my problem there is what if a new customer registers or what if there are a hundred customers.

The part I'm having a problem with is parts 5 and 6. Please help me with this... I've been thinking about this for 3 days now and I still can't get a clear idea of how to do it.

But if you have another easy way to do what Im trying to do, feel free to post it.

Re: Need help regarding algorithm and PHP code

Posted: Thu Aug 12, 2010 10:25 am
by AbraCadaver
In brief:

Code:

<a href="customerdetail.php?id=3">customer3</a>
detailedcustomer.php

Code:

if(!isset($_GET['id'])) { die("No customer selected"); }
$id = (int)$_GET['id'];
//SELECT * from customerinfo WHERE customerid=$id
//echo out the details
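
The list-to-detail flow sketched above, as an added example that is not AbraCadaver's code: the link carries the customerid, and the detail page fetches the row with a bound parameter and HTML-escapes everything it prints. It assumes PDO with the SQLite driver and reuses the sample rows from the thread; the function names are made up for the example.

```php
<?php
// Added example: the logic of customerlist.php and customerdetail.php in one file.
// Assumptions: PDO with the SQLite driver; rows copied from the table in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customerinfo (customerid INTEGER PRIMARY KEY,
    customername TEXT, contactperson TEXT, contactaddress TEXT)");
$db->exec("INSERT INTO customerinfo VALUES (1, 'customer1', 'contact1', 'address1'),
    (2, 'customer2', 'contact2', 'address2'), (3, 'customer3', 'contact3', 'address3')");

// Escape database values before they are placed in HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// customerlist.php: one link per row, carrying the customerid in the query string.
function renderCustomerList(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT customerid, customername FROM customerinfo') as $row) {
        $href = 'customerdetail.php?' . http_build_query(['id' => $row['customerid']]);
        $html .= '<tr><td><a href="' . h($href) . '">' . h($row['customername']) . "</a></td></tr>\n";
    }
    return $html;
}

// customerdetail.php: accept only a positive integer id, then fetch that one row.
function renderCustomerDetail(PDO $db, array $get): string
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'No customer selected';
    }
    $stmt = $db->prepare('SELECT customername, contactperson, contactaddress
        FROM customerinfo WHERE customerid = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'Customer not found';
    }
    return h($row['customername']) . ': ' . h($row['contactperson']) . ', ' . h($row['contactaddress']);
}

echo renderCustomerList($db);
echo renderCustomerDetail($db, ['id' => '3']), "\n";         // constructed stand-in for $_GET
echo renderCustomerDetail($db, ['id' => 'customer3']), "\n"; // not an integer
echo renderCustomerDetail($db, ['id' => '42']), "\n";        // integer with no matching row
```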

Re: Need help regarding algorithm and PHP code

Posted: Thu Aug 12, 2010 6:08 pm
by Bbob
Hi

Thank you for the replies, I already got it from another source.

The code is long, but if you want me to post it, just say so.




Thank you guys for bearing with me on this!