0

Hi i have written this code in order to get the news id from url and display the news result from this id which is stored in mysql. I dont know what i am doing wrong. But i am getting any output. I have also test my query which is running fine in mysql.I am doing small misatke which is not able to identif may be syntax or quotation somewhere. Thanks. Here is my Url:

http://autodo/admin/news.php?id=2043

Here is my code:

    <?php
   $ID=$_GET['id']; 
   $sql="   SELECT DISTINCT ad_news.datum, ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id
                    FROM autodo.ad_news_texte, autodo.ad_news
                    WHERE ad_news_texte.id =".$ID."
                    GROUP BY ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id";
  echo $sql_select=mysql_query($sql);
   if($row = mysql_fetch_assoc($sql_select)){       
            $news_id= $row['id'];   
            $news_datum= $row['datum']; 
          $news_text= $row['text']; 
            $news_headline= $row['headline']; 
?>
<div class="welcome-rahmen lng toggleNews" id="<?= $news_id ?> ">
<p class="welcome-breadcrump"><?= $news_datum ?></p>
<p class="welcome-subheadline"><?= $news_headline ?></p>
<div class="newsText">
<?= $news_text ?>
</div>
</div>
<? } ?>
user3702602
  • 139
  • 3
  • 16
  • use single quotes for id '$id' – Ezhil Jun 19 '14 at 13:15
  • no its not the correct way ... – user3702602 Jun 19 '14 at 13:24
  • When you are adding variables to an sql query you need to wrap them in quotes, I.E. SELECT * FROM myTable WHERE myVal='value', so in your code where you have this =>( WHERE ad_news_texte.id =".$ID." ) you should replace it with this => ( WHERE ad_news_texte.id ='".$ID." ') by putting the single quotes on the inside of your query on either side of your variable input you are telling the php to give sql a statement like this => ( WHERE ad_news_texte.id='theValueFromID' ) instead of ( WHERE ad_news_texte.id=theValueFromID ) – PugsOverDrugs Jun 19 '14 at 13:28
  • i have written '".$ID."' like you said but still its not working :(. I am returning single row every time so do i need to if or while lopp i m confused in that. May be because of looping error or condition i m not getting output – user3702602 Jun 19 '14 at 13:32

4 Answers4

1

Some mistakes,

  1. You mixing shorthand and echo for printing output.
  2. Missing ; semi-colon at end of echo statment.
  3. Syntax error in query

Firstly turn on your errors adding ini_set("display_errors",1); on top of your file. Use below statemnt for everywhere you output the variable,

<?php echo $news_id; ?>

Or,

<?= $news_id ?>

Query should be,

$sql=" SELECT DISTINCT ad_news.datum, ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id
                    FROM autodo.ad_news_texte, autodo.ad_news
                    WHERE ad_news_texte.id = '$ID'
                    GROUP BY ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id";

Waring: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Community
  • 1
  • 1
Rikesh
  • 26,156
  • 14
  • 79
  • 87
  • no i tried semicolon but nothing is getting. Can you please check my query in that i am writing id as "$ID" in where clause ... is it right way ? because if my query is not correct then also it qill not return anything... – user3702602 Jun 19 '14 at 13:14
  • Updated my answer. Kindly check. – Rikesh Jun 19 '14 at 13:17
  • Where you are calling id as "$ID", since you are trying to add the string value of that variable to the query, you need to concatenate it as such, 'Your query here"' . $ID . '" The rest of your query here.' a period is PHP's concatenation symbol, and will combine the 3 string segments you have currently – PugsOverDrugs Jun 19 '14 at 13:22
  • please check the updated question where i have made changes according to your answers – user3702602 Jun 19 '14 at 13:25
  • Comapre my query and yours it's not same. – Rikesh Jun 19 '14 at 13:30
1

You should concatenate $ID and sql string by .

For example: 

 $sql="   SELECT DISTINCT ad_news.datum, ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id
                    FROM autodo.ad_news_texte, autodo.ad_news
                    WHERE ad_news_texte.id =".$ID."
                    GROUP BY ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id";
onuri
  • 170
  • 1
  • 6
1

first change quote to variable in where of query like

WHERE ad_news_texte.id ='$ID'

then no use of echo in

<?= echo $news_datum ?> try in all of your code <?= $news_datum ?>

so your whole code will be

<?php
   $ID=$_GET['id']; 
   $sql="SELECT DISTINCT ad_news.datum, ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id FROM autodo.ad_news_texte, autodo.ad_news WHERE ad_news_texte.id ='$ID' GROUP BY ad_news_texte.text, ad_news_texte.headline, ad_news_texte.id";
  $sql_select=mysql_query($sql);
  $checkrow = mysql_num_rows($sql_select);
  if($checkrow > 0) {
     if($row = mysql_fetch_assoc($sql_select)){       
            $news_id= $row['id'];   
            $news_datum= $row['datum']; 
          $news_text= $row['text']; 
            $news_headline= $row['headline']; 
    ?>
     <div class="welcome-rahmen lng toggleNews" id="<?= $news_id ?> ">
    <p class="welcome-breadcrump"><?= $news_datum ?></p>
    <p class="welcome-subheadline"><?= $news_headline ?></p>
   <div class="newsText">
   <?= $news_text ?><?php } 
 }
 else {
   echo 'query does not return any rows';
 }?>
Rakesh Sharma
  • 13,680
  • 5
  • 37
  • 44
1

You have used <?= echo - <?= alone is the same as <?php echo Additionally, as another pointed out you are missing several ; at the end of lines.

Regardless, I would encourage you to use prepared statements or otherwise sanitize the data you are pulling from the query string as your query as written is vulnerable to SQL injection.

mifi79
  • 1,086
  • 6
  • 8