$_GET['Link1'] help please

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
geordiejon1978
Forum Newbie
Posts: 3
Joined: Mon Apr 14, 2008 7:48 pm

$_GET['Link1'] help please

Post by geordiejon1978 »

Hello, I am a relitive newbie to php/mysql, and i am having some problems with it at the moment.

What i am trying to do is pull course data from my database, and post them as links on the page, (tmc.php) and then when you click on one of those links, it then opens a new page (courses.php) and gets the course data of that link and displays it in courses.php.

The 1st part is working fine, (tmc.php) is displaying the course links on the page, but then when i click on one of the links, no data is being pulled from the database.

(tmc.php)

Code: Select all

<?php
$con = mysql_connect("localhost","xxxxxx","xxxxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
 
mysql_select_db("xxxxxx", $con);
$mystring = "Select CourseName from Course";
 
$result = mysql_query ($mystring);
 
while($row = mysql_fetch_array($result))
{
    
    // 1st is the Key, 2nd is what is displayed on screen 
    echo "<a href='courses.php?Link1=".$row ['CourseID']."'>".$row['CourseName']."&nbsp;&nbsp</a>";
    echo "<br>";
}
 
 
?>
(courses.php)

Code: Select all

<?
$tester = $_GET['Link1'];
 
$con = mysql_connect("localhost","xxxxxxx","xxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
 
mysql_select_db("xxxxxxx", $con);
 
$mystring = "Select * from CourseDetails = '".$tester."'";
$result = mysql_query ($mystring);
 
while($row = mysql_fetch_array($result,MYSQL_NUM))
{
    foreach($row as $attribute)
    echo $attribute."<br>";
    
}
 
 
?>
so when courses.php opens it should show the course information of the link that was clicked.

my tables are

Course
CourseID
CourseName

CourseDetails
CourseID
Title
Section1
Section2
Section3
Section4

Can somebody help me with this please, as i am going to cry soon :'(

Thank You

J
geordiejon1978
Forum Newbie
Posts: 3
Joined: Mon Apr 14, 2008 7:48 pm

Re: $_GET['Link1'] help please

Post by geordiejon1978 »

Well i figured out that my SQL statement on tmc.php was wrong . Should of been :

Code: Select all

$mystring = "SELECT CourseName, CourseID FROM Course";
I have now changed to this, and now when i click a link i get an error :

You have an error in your SQL syntax near ''1'' at line 1

http://www.tmet02.co.uk/TyneMetProject/tmc.php
http://www.tmet02.co.uk/TyneMetProject/courses.php?Link1=1

Can anybody help me with the problem now ? now i am getting an error message, instead of of nothing.

Cheers

J
jcoffield
Forum Newbie
Posts: 1
Joined: Tue Apr 15, 2008 12:32 pm

Re: $_GET['Link1'] help please

Post by jcoffield »

Your SQL query is wrong. you have:

$mystring = "Select * from CourseDetails = '".$tester."'";

You should have:

$mystring = "Select * from Course where CourseID = $tester";

Because your link is passing the CourseId in the quesry string as Link1. Your code $tester = $_GET['Link1']; sets $tester with the value of the selected CourseID. I assume CourseID is an Int datatype not a VarChar. So you would not use the single quotes.

This is not safe though. The way your doing it anyone could inject sql into your query. An easy way in this case to check the form contents are not malicious is to set $tester like this:

if (is_numeric($_GET['Link1'])){
$tester = $_GET['Link1'];
}
else{
//You would want to create an error message here.

//Also set $tester to 0.
$tester = 0;
}
geordiejon1978
Forum Newbie
Posts: 3
Joined: Mon Apr 14, 2008 7:48 pm

Re: $_GET['Link1'] help please

Post by geordiejon1978 »

Thank you so much :D . That has helped me a great deal thank you, and i also understand it now which is another important thing :)

Many Many Thanks

J
Post Reply