Another question about URL-passed vars

Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Post by Wldrumstcs »

Ok, I made a page showing a list of all the social studies teachers from my school. It basically displays info from a database. I created a link on each teacher's name to a page called "view.php" that is specific to every teacher. To clarify, here is my script on the page "teachers.php":

Code:

// Connect to the server and select the database
mysql_connect("localhost","$username","$password") or die ("Unable to connect to MySQL server.");
$db = mysql_select_db("$database") or die ("Unable to select requested database.");

// Total number of teachers
$result = mysql_query("select count(*) from teachers");
$number = mysql_result($result, 0);

// Fetch every teacher, ordered by id
$query="SELECT * FROM teachers ORDER BY id ASC";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

// Print one table row per teacher
$i=0;
while ($i < $num) {
	$id=mysql_result($result,$i,"id");
	$username=mysql_result($result,$i,"username");
	$subjects=mysql_result($result,$i,"subjects");
	$phone=mysql_result($result,$i,"phone");
	$email=mysql_result($result,$i,"email");

	// Attributes use single quotes: a double quote here would end the PHP string
	echo "

			<tr>
				<td width='25%'>
				<p align='center'><a href='view.php?id=$id'>$username</a></td>
				<td width='25%'>
				<p align='center'>$subjects</td>
				<td width='25%'>
				<p align='center'>$phone</td>
				<td width='25%'>
				<p align='center'><a href='mailto:$email?subject=School'>$email</a></td>
			</tr>

			";
	$i++;
}

On the page that will display a teacher's biography (view.php), I need to read what the $id variable is that was tacked onto the URL. For example, how would I read the $id if the URL = "http://***.com/view.php?id=1"? Sorry if my question is confusing.
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

echo $_GET['id'];
Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Post by Wldrumstcs »

BRILLIANT. I feel sooooooooooo stupid. Thanks for the help!
kral_majales
Forum Commoner
Posts: 36
Joined: Wed Nov 24, 2004 2:47 pm
Location: Dorset, UK

Post by kral_majales »

if your page is on a publicly available site, i would recommend you validate the value of the $_GET['id'] variable, just in case :D

K
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

kral_majales wrote:
if your page is on a publicly available site, i would recommend you validate the value of the $_GET['id'] variable, just in case :D

K

like use addslashes() and htmlspecialchars()

(just telling him some useful functions used for validating inputs as he seems to be new to php)
Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Post by Wldrumstcs »

what exactly would either of those two functions do? Also, what does it mean to validate the value of the variable? Thanks.
kral_majales
Forum Commoner
Posts: 36
Joined: Wed Nov 24, 2004 2:47 pm
Location: Dorset, UK

Post by kral_majales »

by 'validate' i mean that you need to check the variable to make sure it contains what you are looking for. you need to watch out for the 'script kiddies' who enjoy trying to break into your site and wreak havoc with everything.

type 'mysql injection' into google, as well as 'cross-site scripting' (abbreviated as XSS) and a whole host of security-related articles will pop up.

i find that writing working apps in php is pretty simple once you have the basics worked out - the time-consuming part tends to be making sure that your site is as 'safe' as it possibly can be. i'm not sure of the 'definitive' way to make a site as safe as possible, but perhaps some of the others here will be able to spell it out in some detail :D

K
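
What checking the ?id= value can look like in view.php, as an added example that is not code from any poster in this thread. It covers the two topics named above: the id must parse as a positive integer and is bound as a query parameter (used here in place of addslashes()), and every database value is passed through htmlspecialchars() before it is printed. Assumptions: PHP 8 with the pdo_sqlite extension, an in-memory table with one constructed row so the script runs offline, and the hypothetical function names parse_teacher_id, find_teacher, render_teacher and view_page.

```php
<?php
// Added example, not code from the thread. Assumes PHP 8 with the pdo_sqlite
// extension; the in-memory table and its single row are constructed sample data.

// Validation: accept only a positive whole number, reject everything else.
function parse_teacher_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query: the id travels as a bound parameter, never pasted into the SQL text.
function find_teacher(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT username, subjects, email FROM teachers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output: escape every database value before it is placed into HTML.
function render_teacher(array $t): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<h1>' . $e($t['username']) . '</h1><p>' . $e($t['subjects']) . '</p>'
         . '<a href="mailto:' . $e($t['email']) . '">' . $e($t['email']) . '</a>';
}

// What view.php would do with $_GET['id'] (passed in here so it runs from the CLI).
function view_page(PDO $db, mixed $rawId): string
{
    $id = parse_teacher_id($rawId);
    if ($id === null) {
        return '400 Bad Request: id must be a positive integer';
    }
    $teacher = find_teacher($db, $id);
    return $teacher === null ? '404 Not Found: no such teacher' : render_teacher($teacher);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teachers (id INTEGER PRIMARY KEY, username TEXT, subjects TEXT, email TEXT)');
$db->exec("INSERT INTO teachers VALUES (1, 'Ms. O''Neil <History>', 'World History', 'oneil@school.example')");

// Constructed inputs standing in for the ?id= value of a request.
foreach (['1', '7', '1 OR 1=1', '-3', 'abc', ['1'], null] as $raw) {
    echo str_pad(json_encode($raw), 12), ' => ', view_page($db, $raw), PHP_EOL;
}
```

In a real view.php the call would be view_page($db, $_GET['id'] ?? null), with a MySQL DSN in place of the SQLite one; the prepare and execute calls stay the same.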