Get a row from a database based on querystring

Question

BIt of a php/mysql noob here, hope someone can help.

Ok so i have a URL which has an id in the querystring like so: wwww.mysite.com/page1.php?id=1

What i want to do is connect to a table in the database and get the data from the columns on one row where the first column named ID equals the id number held in the querystring.

I then want to print the data from each column in different div's elsewhere on the page.

There's also the additional issue of what to do if there's no row in the table with the same id as the querystring, i'd want it to change the id in the querystring to 1 and load that rows data.

I had a little go, i know it connects ok but i have no idea if the rest is what i want:

  <?php
 $link = mysql_connect('Address', 'Database', 'Password');
 if (!$link) {
 die('Could not connect to MYSQL database: ' . mysql_error());
 }
 $per = $_GET['id'];
 $query = "select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per=".$_GET['ID']."";
 echo $result['A'];
 mysql_close($link);
 ?>

And then put this in the div's to print the data.

 <?php echo $result['A']; ?>

Am i along the right lines or completely wrong?

see the manuals and tutorials. you need to know how to execute a query,fetch and get the result set from the database — ɹɐqʞɐ zoɹǝɟ, May 25 '14 at 16:47
Also make sure you use prepared statements and not string concatenation. SQL injection will happen. — Jeff, May 25 '14 at 16:48
*"Am i along the right lines or completely wrong?"* - On Stackoverflow these kind of questions to do not work and are not waned. Instead turn yours into a concrete programming question. That is accepted. See http://stackoverflow.com/questions/how-to-ask — hakre, May 25 '14 at 16:50
Never, never, never use a raw $_GET parameter in your SQL query! — WillardSolutions, May 25 '14 at 16:53
Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). — Gumbo, May 25 '14 at 17:06

Lucas Henrique · Answer 1 · 2014-05-25T17:00:12.463

0

Use mysql_query function in your code.

mysql_* functions is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used.

 <?php
 $link = mysql_connect('Address', 'Database', 'Password');
 if (!$link) {
 die('Could not connect to MYSQL database: ' . mysql_error());
 }
 $per = $_GET['id'];
 $query = "select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per=$per";
 $result = mysql_query($query, $link) or die(mysql_error());
 $row = mysql_fetch_assoc($result);
 echo $row['A'];
 mysql_close($link);
 ?>

edited May 25 '14 at 17:00

answered May 25 '14 at 16:52

Lucas Henrique

1,380
1
11
15

wrong answer this is open for very simple SQL Injection – matanco May 25 '14 at 16:56
@matanco According to the code posted is right. However, I asked to change mysqli_ * or PDO. – Lucas Henrique May 25 '14 at 16:58

matanco · Answer 2 · 2014-05-25T16:59:40.483

$dbConnection = mysql_connect('Address', 'Database', 'Password');
if (!$dbConnection) {
   die('Could not connect to MYSQL database: ' . mysql_error());
}
$per = $_GET['id'];
$query = $dbConnection->prepare("select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per = ?");
$query->bind_param('s', $per);

$query->execute();
$result = $query->get_result();

<?php echo $result; ?>

use this code first to avoid SQL Injection second that's the way it should work in PHP first prepare the query second execute and only then show it.

Get a row from a database based on querystring

2 Answers2