0

We are currently working on a game shop website and have hit a roadblock regarding the purchase link. The link displays within a MySQL table and each link sends the user to the same page. This is necessary as we will be adding new games to the database and want to do so using only a MySQL command to make the site as efficient as possible.

This is the code of the table (ignore the fact that the purchase link displays the 'gameCodes').

while($row = mysqli_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['gameName'] . "</td>";
  echo "<td>" . $row['pointsValue'] . "</td>";
  echo "<td>" . '<a href="Purchase.php">'. $row['gameCodes'] .'</a>' .  "</td>";
  echo "</tr>";
  }
echo "</table>";

What I am wanting to do is send the game code of the game that corresponds with the row the link is on to the Purchase.php page to then process the purchase.

Any help is appreciated greatly.

Jamie Taylor
  • You can put the game code in a variable in the link, but I would make sure you do quite a bit of SQL injection protection especially when dealing with products and purchasing – Chitowns24 Mar 23 '14 at 17:20

3 Answers

1

I think you can put the gameCodes id directly in the link:

echo "<td>" . 
        '<a href="Purchase.php?gameCodes='. $row['gameCodes'] .'">'.
            $row['gameCodes'] . 
        '</a>' .
    "</td>";

Now you can process the code from the purchase page and retrieve it with $_GET:

$_GET['gameCodes'];
Patrick Maciel
Fabio
1

Have you thought about sending it through the URL, like the following:

while($row = mysqli_fetch_array($result))
{
 echo "<tr>";
 echo "<td>" . $row['gameName'] . "</td>";
 echo "<td>" . $row['pointsValue'] . "</td>";
 echo "<td>" . '<a href="Purchase.php?'.$row['gameCodes'].'">'. $row['gameCodes'] .'</a>' .  "</td>";
 echo "</tr>";
 }
echo "</table>";

and then proceed to the purchase using the code sent in the URL. Let me know if it corresponds to what you need.

Hosni
1

My answer deals not only with passing variables from the URL to your page, but with passing them in a clean way:

echo "<td>" . 
        '<a href="Purchase.php?gameCodes='.urlencode($row['gameCodes']) .'">'.
            $row['gameCodes'] . 
        '</a>' .
    "</td>";
Then, to fetch the data, strip_tags from the URL variable, if any:

    echo (strip_tags($_GET['gameCodes']));

Why is this needed?

Since you are fetching the values from the URL, assume I manually change the URL to:

Purchase.php?gameCodes=<script>alert("hello")</script>

Then, without proper handling, the gameCodes variable's value will be fetched and it would alert "hello" on the page.

NoobEditor
  • @ChrisPBacon: welcome... I'll suggest you look into htmlentities too; they are helpful if you are showing user-given content on your page! http://in3.php.net/htmlentities | and | http://stackoverflow.com/questions/46483/htmlentities-vs-htmlspecialchars – NoobEditor Mar 23 '14 at 17:48
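
The link building and Purchase.php handling discussed in the answers and comments above, as an added example that is not code from any poster on this page: it encodes the code for the URL, escapes it for HTML, validates it on arrival and looks it up with a bound parameter. The `games` table name, the code format, the helper names and the in-memory SQLite database (a stand-in so it runs without a MySQL server) are assumptions.

```php
<?php
// Added example: constructed data and hypothetical helper names throughout.

// Build the table cell: urlencode() for the query-string value,
// htmlspecialchars() for everything that is placed into HTML.
function purchaseLink(string $gameCode): string
{
    $href = 'Purchase.php?gameCodes=' . urlencode($gameCode);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($gameCode, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Purchase.php side: accept only codes matching an assumed format
// (letters, digits, dash; 1-32 characters), otherwise return null.
function readGameCode(array $query): ?string
{
    $code = $query['gameCodes'] ?? null;
    if (!is_string($code) || !preg_match('/\A[A-Za-z0-9-]{1,32}\z/', $code)) {
        return null;
    }
    return $code;
}

// Look the game up with a bound parameter so the code never becomes SQL text.
function findGame(PDO $db, string $code): ?array
{
    $stmt = $db->prepare('SELECT gameName, pointsValue FROM games WHERE gameCodes = ?');
    $stmt->execute([$code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE games (gameName TEXT, pointsValue INTEGER, gameCodes TEXT)');
$db->exec("INSERT INTO games VALUES ('Space Race', 500, 'SR-001')");

echo purchaseLink('SR-001'), "\n";

// Constructed requests: a normal click, the script value from the answer
// above, and a value carrying a stray quote.
foreach (['SR-001', '<script>alert("hello")</script>', "SR-001'"] as $raw) {
    $code = readGameCode(['gameCodes' => $raw]);
    $game = $code === null ? null : findGame($db, $code);
    echo htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), ' => ',
         $game ? $game['gameName'] : 'rejected', "\n";
}
```

With mysqli, as used in the question, the same lookup is done with `mysqli_prepare()` and `mysqli_stmt_bind_param()`.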