-3

I am trying to get id from url "/view.php?postID=2", having this code:

$post = "SELECT * FROM news WHERE postID='$postID'";
$post1 = mysql_query($post);
$postV = mysql_fetch_array($post1);
$postID = $postV['postID'];
$postImg = $postV['img'];
$postTitle = $postV['title'];
$postAuthor = $postV['author'];
$postDate = $postV['date'];
$postCategory = $postV['category'];
$postText = $postV['text'];


<?php
if (isset($_GET['postID'])) {
    $newsID = $_GET['postID'];
}

echo "<section class='view_news'>
    <img class='view_newsimg' src='$postImg'>
    <h3 class='lath'>$postTitle</h3>
    <ul class='det'>
        <li class='adc'>avtori: $postAuthor</li>
        <li class='adc'>TariRi: $postDate</li>
        <li class='adc'>kategoria: $postCategory</li>
    </ul>
    <p class='news'>
        $postText
    </p>
</section>";
?>

but it only shows data from the array where postID = 1

can anybody tell me what to do? Thanks :)

David
  • 23
  • 1
  • 7
  • See also [MySQL returns only one row](http://stackoverflow.com/q/4372197), and as usual [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/q/60174) – mario Aug 16 '14 at 08:53
  • @mano That's not his question. The URL contains `?postID=2`, but his query is returning `postID = 1`. – Barmar Aug 16 '14 at 08:54
  • Where do you set `$postID` before performing the query? – Barmar Aug 16 '14 at 08:55

3 Answers3

1

Three things are wrong here:

  1. You need to get postID value first using $_GET

    $post = "SELECT * FROM news WHERE postID='{$_GET['$postID']}";

  2. You should use while loop

    while($postV = mysql_fetch_array($post1)) {

    $postID = $postV['postID'];

    $postImg = $postV['img'];

    $postTitle = $postV['title'];

    $postAuthor = $postV['author'];

    $postDate = $postV['date'];

    $postCategory = $postV['category']; $postText = $postV['text']; }

  3. Your code is vunerable to SQL injection, use mysql_real_escape_string() to prevent it.

Branko Sego
  • 780
  • 6
  • 13
0

Change this: 

$post = "SELECT * FROM news WHERE postID='$postID'";

with that:

$post = "SELECT * FROM news WHERE postID='{$_GET['postID']}'";
Halil Bilgin
  • 513
  • 4
  • 14
0

There are three things you are doing wrong here. First you are running mysql_query() before setting up $postID and the other is you are not using While loop. The third thing is that you are starting php two times <?php. Try setting $postID and using while loop. Your code should look like this

    <?php
$postID="Your Value";
            post = "SELECT * FROM news WHERE postID='$postID'";
            $post1 = mysql_query($post);
    while($postV = mysql_fetch_array($post1){

            $postID = $postV['postID'];
            $postImg = $postV['img'];
            $postTitle = $postV['title'];
            $postAuthor = $postV['author'];
            $postDate = $postV['date'];
            $postCategory = $postV['category'];
            $postText = $postV['text'];
            }


            if (isset($_GET['postID'])) {
                $newsID = $_GET['postID'];
            }

            echo "<section class='view_news'>
                <img class='view_newsimg' src='$postImg'>
                <h3 class='lath'>$postTitle</h3>
                <ul class='det'>
                    <li class='adc'>avtori: $postAuthor</li>
                    <li class='adc'>TariRi: $postDate</li>
                    <li class='adc'>kategoria: $postCategory</li>
                </ul>
                <p class='news'>
                    $postText
                </p>
            </section>";
            ?>

Hope this helps you

Utkarsh Dixit
  • 4,267
  • 3
  • 15
  • 38