-1

Just trying to paste some values using php's "echo" and am having bad luck with it.

I belive that the code I am using is problematic in its first variable setup "$theid", where it grabs the id field from a table. Here's the code:

<?php

$conn=mysql_connect("localhost", "username", "password")
or die ("Cannot Connect to MYSQL");

mysql_select_db("database1", $conn)
or die ("Cannot Connect to the Database");
echo "Connected successfully";

$theid = isset($_GET['id'])?$_GET['id']:""; //Possible problematic code

$data = mysql_fetch_array(mysql_query("SELECT * FROM table1 WHERE id='$theid'"));

?>

The data would then be used:

<?php echo $data['url'] ?>

Problem is, nothing is displayed under "$data"

After troubleshooting this and looking around on SO, I am still yet to find an answer. Any feedback is highly appreciated, I'm sure this is just an error with my use of syntax!. Thanks.

Ballard
  • 869
  • 11
  • 25
  • 7
    when nesting `mysql_query()` inside `mysql_fetch_array()` you cannot debug when `mysql_query()` fails. place it before with a ` `mysql_query() or die(mysql_error()` to see why. Note, you should throw away any attempt with `mysql_` and update to `mysqli_` or `PDO`. – Sean Jan 15 '15 at 01:43
  • Also, `$_GET` is used to get parameters sent by HTTP GET (usually via URL). How are you testing this page? You'll only get anything if you're accessing this page like (example) `http://localhost/test.php?id=123` – mathielo Jan 15 '15 at 01:46
  • Thanks for the comment Sean, I will look into doing that. I'm using an online test server & apache based local server @mathielo :) – Ballard Jan 15 '15 at 01:48
  • @ReConnected for troubleshooting purposes, you can use PHP's [`var_dump()`](http://php.net/manual/en/function.var-dump.php). It will not only show you the contents of the parameter you give but also it's type (object, string, int, etc). Try `var_dump($_GET)`, then as Sean suggested, assign `mysqli_query()` to a variable and `var_dump` it. You should get a [Resource](http://php.net/manual/en/language.types.resource.php) on succes or `FALSE` upon error. – mathielo Jan 15 '15 at 01:53
  • 2
    You should read: [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/q/60174/2518525). What you're doing now is going to cause major issues in your production code. I mean the way it is, I could have your whole database in 5 minutes. – Darren Jan 15 '15 at 01:57
  • 1
    @Darren, cheers for that, I've literally stripped this code back to basics because of the issues I'm having collecting the data, I'll add security & protection when its working :) – Ballard Jan 15 '15 at 11:06

3 Answers3

0

Use while loop to print query result data

<?php

$conn=mysql_connect("localhost", "username", "password")
or die ("Cannot Connect to MYSQL");

mysql_select_db("database1", $conn)
or die ("Cannot Connect to the Database");
echo "Connected successfully";

if(isset($_GET['id'])){
   $theid = $_GET['id'];
}

$result = mysql_query("SELECT * FROM table1 WHERE id='$theid'");

while($data = mysql_fetch_array($result)){
    echo $data['url'];
}

?>
jay.jivani
  • 1,560
  • 1
  • 16
  • 33
0
$conn=mysql_connect("localhost", "username", "password")
or die ("Cannot Connect to MYSQL");

mysql_select_db("database1", $conn)
or die ("Cannot Connect to the Database");
echo "Connected successfully";

//default value
$theid = 0;
if(isset($_GET['id'])){
   $theid = $_GET['id'];
}

$result = mysql_query("SELECT * FROM table1 WHERE id='".(int)$theid."'");

while($data = mysql_fetch_array($result)){
    echo $data['url'];
}

Cast to int to prevent SQL injection, and a var into simple quote cannot be interpreted so concate it or not use '' in PHP a var is interpreted into double quote.

bastien
  • 190
  • 1
  • 9
  • It seems we're getting closer to a feasible outcome, thanks for your answer @bastien! But now I have the issue of $_GET['id'] retrieving no results. With the use of "var_dump($_GET)" I am left with "array(0) { }" – Ballard Jan 15 '15 at 18:38
  • @ReConnected try with myurl.html?id=12 depends on you're router :) – bastien Jan 17 '15 at 10:48
0
$result = mysql_query("SELECT * FROM table2 WHERE id='$theid'");

while($data = mysql_fetch_array($result)){
    echo $data['url'];

incorrectly named table

Ballard
  • 869
  • 11
  • 25