select image and finding it on a database in php

Question

I have a page that is displaying some images to be rated. on one page i display all the images then once an image is selected i want to get the details for that image from a sql database table. here is what i got.

<html>
<body>
<a href="rating.php"><img id="img1" src="images/001.jpg" /></a>
<a href="rating.php"><img id="img2" src="images/002.jpg" /></a>

Each image is a link.

On the rating.php i got

<?php
$image = $_REQUEST["Name"]; //get the image
$Query = mysql_query("SELECT * FROM table WHERE image = '$Name'");

Here is where i need to make sure i select the image that was clicked on the last
page so i can get the information from that image. I was thinking to give each image an id then save that and get it on the other page and connect to the database like that. any ideas? Am I on the right track?

Sidenote: This `WHERE image = '$Name'` you probably meant to use `WHERE image = '$image'` because as it stands, `$Name` is undefined. — Funk Forty Niner, Jul 02 '14 at 00:43
and there is no open database connection and you should filter the image-param (sql injection) — Kevin, Jul 02 '14 at 00:44
Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO**](http://php.net/pdo) with [**prepared statements**](http://php.net/pdo.prepared-statements). — Funk Forty Niner, Jul 02 '14 at 00:51

hex494D49 · Answer 1 · 2015-03-27T22:21:29.253

4

Change this

<a href="rating.php?name=first-img"><img id="img1" src="images/001.jpg" /></a>
<a href="rating.php?name=second-img"><img id="img2" src="images/002.jpg" /></a>

and this

$image = $_GET["name"];
$query = mysql_query("SELECT * FROM table WHERE image = '$image'");

and by the way, use prepared statement like this

$conn = new mysqli($host, $username, $password, $db);
$query = $conn->prepare("SELECT * FROM table WHERE image = ?");
$query->bind_param("s", $name);
$name = $_GET["name"];
$query->execute();

Of course, first-img and second-img in this case, may be changed according to your needs; they may be names of the images or their ids. Using ids is a better approach and its faster.

edited Mar 27 '15 at 22:21

answered Jul 02 '14 at 00:44

hex494D49

9,109
3
38
47

2

There are many alternative methods to do this, but hex494D49 has provided a simple to execute and understand approach to doing so. Personally, for scalability sake, I would would have taken a Javascript/AJAX approach to it - which creates a bit more code, but allows future flexibility of reusable code providing exponentially more means to accomplish your end goal. But that's just me... This also depends on the size off the project, and of course, any intention for future scalability - otherwise the excess code using my suggestion would only add unnecessary "weight" to your current project. – NYCBilly Jul 02 '14 at 01:02
@Philly2NYC In principle, I agree with you. If the `rating.php` in this case has anything to do with rating of an image, I wouldn't reload the whole page only to increase it's rate/hit counter. Furthermore, I would rather use different markup and above all, more secure approach on the server-side. But these things are out of scope of this answer :) – hex494D49 Jul 02 '14 at 01:20

score 0 · Answer 2 · edited May 23 '17 at 11:50

I'd personally go with a jQuery ajax way (as Philly2NYC stated).

You'd have your images:

<a id="rate-image" data-image="first-image" href="#"><img id="img1" src="images/001.jpg" /></a>
<a id="rate-image" data-image="second-image" href="#"><img id="img1" src="images/001.jpg" /></a>

And creating a jQuery onclick event to handle the requests:

$(document).on('click', 'a#rate-image', function(e){
    e.preventDefault();
    // get image
    var img = $(this).attr('data-image');

    $.ajax({
        url: "rating.php",
        type: "POST",
        data: {img: img}
    }).success(function(data){
        // response from php script
        console.log('data');
    });
});

Where you could access your img value in the $_POST array.

<?php 
$image = $_post["img"];
$query = mysql_query("SELECT * FROM table WHERE `image` = '$image'");
// do query and echo what you need....etc...
?>

thanks everybody. its not a huge thing it is small and simple. just rating some image. i have to use php for it thou — mill, Jul 03 '14 at 02:27

select image and finding it on a database in php

2 Answers2