1

So I've recently been trying to make a website. The website I'm making has multiple pages that are basically the same except different lay-outs of items. I want to reduce the painstaking time it takes to change all of these pages at the same time by having the name and price of the item taken from a database where info about all of the items is stored (including a special ID for each item). The basic idea is that I only had to specify the ID of an item and the database would get the information by itself. I already have the HTML and PHP basic coding done but I don't know how to make the PHP code into a function and then make it runnable inside the command. I'll include the PHP code below:

<?php
$servername = "localhost";
$username = "root";
$password = "testpw";
$dbname = "testdb";

$conn = new mysqli($servername, $username, $password, $dbname);
if($conn->connect_error) {
}
$sql = "SELECT name, price FROM items WHERE id='(Get ID from HTML code here)'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo " " .$row["name"]. " " .$row["price"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close(); 

?>

I already know this code writes out the specifics for the ID I put where (Get ID from HTML code here) is, I just need to know how to import the ID in the HTML into here, and then be able to put the function into the code.

Here's the HTML:

<div id="images">
<figure>
<img class="image" id=(Item ID here) src="idk.png" width="225" height="190" alt="">
<figcaption><h3>Name: (PHP Function Here) </h3></figcaption>
<figcaption><h5>Price: (PHP Function Here)/month</h5></figcaption>
<figcaption><div id="tfbutton5"><form action="buy.html"><input   type="submit" value="Rent" class="tfbutton5"></form></figcaption>
</div>
</figure>
</div>

Any solution would be appreciated as this is a big road block currently in my website construction. Even if it isn't the answer I was looking for. Thank you.

Nathan
  • 125
  • 13
  • `$sql = "SELECT name, price FROM items WHERE id='(Get ID from HTML code here)'";` : PHP runs on the server before HTML is sent to the screen; to do this you'd need to send the `id` to the server using a form, link or an ajax request. http://programmers.stackexchange.com/questions/171203/what-are-the-differences-between-server-side-and-client-side-programming – CD001 Jul 22 '16 at 15:31
  • stupid/simple/dangerous example `query("SELECT * name, price FROM items where id = $_GET[id]")` that's all. pass the id as a query parameter, then use it in your query. of course, learn about [sql injection attacks](http://bobby-tables.com) FIRST, before you try this sort of thing. – Marc B Jul 22 '16 at 15:31
  • You will need some javascript do what you are asking. I suggest looking at AngularJs, a javascript framework. However, this method all together seems silly, you shouldn't be getting data from the HTML unless the user is giving you that data. – Gary Holiday Jul 22 '16 at 15:46
  • @Marc B Didn't think about how it could be used for an injection attack previously. Would there be any other way to get the desired effect without doing something like that, that's safe? – Nathan Jul 22 '16 at 15:53
  • read the linked site, and/or http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Marc B Jul 22 '16 at 16:36

2 Answers2

0

What you're looking for is a templating system. The values that you've substituted with (PHP Function Here) must be evaluated before you start outputting any html and assigned to certain variables. Then in your template you'd write something like:

<h3>Name: {{ name }}</h3>
<h3>Price: {{ price }}</h3>

and the templating engine would replace {{ name }} and {{ price }} with values of these variables.

Before you start implementing such a solution on your own, check out existing templating engines, for example Twig: http://twig.sensiolabs.org/

Bartosz Zasada
  • 3,762
  • 2
  • 19
  • 25
0

Ok keeping things a little more simple, yes you can use AJAX and yes you can use a framework; however, in the interest of getting you up and going (baby steps) you can use a simple include in the view page and include the bits you want then output the data you want.

    <?php include("your-db-php-file"); ?>
    <div id="images">
    <figure>
    <img class="image" id=(Item ID here) src="idk.png" width="225" height="190" alt="">
   <figcaption><h3>Name: <?php echo $nameVar; ?></h3></figcaption>
   <figcaption><h5>Price: <?php echo $priceVar; ?>/month</h5></figcaption>
   <figcaption><div id="tfbutton5"><form action="buy.html"><input   type="submit" value="Rent" class="tfbutton5"></form></figcaption>
   </div>
   </figure>
   </div>

Yes, I would highly recommend what Marc B mentioned, read up on best practices for PHP and MySQL.

jasonlam604
  • 1,456
  • 2
  • 16
  • 25