0
if (isset($_GET['id'])) {

        $movie_id=$_GET['id'];

        $sql="SELECT * FROM movies WHERE movie_id='$movie_id'";

        $run_sql=mysqli_query($connect,$sql);

        while ($row=mysqli_fetch_assoc($run_sql)) {

            $id=$row['movie_id'];
            $name=$row['Name'];
            $desc=$row['Description'];

            echo "<div id='breadcrumb'><a href='index.php'>Home</a> > <a href='movies.php'>Movies</a> $name</div>
    <div id='description'>
        <h1>$name</h1>
        <p>$desc</p>";
    }
}

this is the code and its shows nothing except the url ID which is passing through GET no other details are showing no errors either ,

Professor Abronsius
  • 33,063
  • 5
  • 32
  • 46
David
  • 23
  • 5
  • 1
    What is the URL of getting this `id` via GET method?? – Murad Hasan Sep 28 '16 at 08:23
  • How are you getting the ID into the URL? – Sauced Apples Sep 28 '16 at 08:23
  • try to print var_dump($_REQUEST) and check which is method or you can get id or not. – Rax Shah Sep 28 '16 at 08:24
  • For the verification of passing `id` you can use `if (isset($_GET['id']) && $_GET['id'] != "") {` – Murad Hasan Sep 28 '16 at 08:24
  • Try this `"SELECT name FROM movies WHERE movie_id='". mysql_real_escape_string( $movie_id ) ."';" ` Your selection is the probblem – Denis Solakovic Sep 28 '16 at 08:25
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Sep 28 '16 at 08:26
  • Url is showing the ID like single.php?movie=3 . its just not displaying the data against this ID – David Sep 28 '16 at 08:29
  • So you get NO OUTPUT at all? – RiggsFolly Sep 28 '16 at 08:29
  • And you are sure that there is a row with the ID=3 in your database – RiggsFolly Sep 28 '16 at 08:30
  • Yes i know prepared statements is good but the main issue here is not getting the data against that id , and i will use prepared statements soon :) – David Sep 28 '16 at 08:31
  • Nope no output at all – David Sep 28 '16 at 08:32
  • Is this the COMPLETE script? If not show all the script – RiggsFolly Sep 28 '16 at 08:33
  • yes i checked the row and query too in phpmyadmin , i think there is a problem in echoing this thing – David Sep 28 '16 at 08:33
  • function single_page(){ global $connect; if (isset($_GET['id'])) { $movie_id=$_GET['id']; $sql="SELECT * FROM movies WHERE movie_id='$movie_id'"; $run_sql=mysqli_query($connect,$sql); while ($row=mysqli_fetch_assoc($run_sql)) { $id=$row['movie_id']; $name=$row['Name']; $desc=$row['Description']; echo "

    $name

    $desc

    ";} } }
     – David Sep 28 '16 at 08:35
  • Ha ha ha.. Your URL shows the GET parameter as `single.php?movie=3`, That is `movie` and you catch this as `id`. – Murad Hasan Sep 28 '16 at 08:35
  • Your URL is `single.php?movie=3` and you're checking for `$_GET['id']`…?! – deceze Sep 28 '16 at 08:36
  • how did i miss that :p , thanks Frayne , – David Sep 28 '16 at 08:38
  • It is solved now , thanks everyone , Happy coding – David Sep 28 '16 at 08:39
  • [*facepalm*](http://img.memecdn.com/Facepalm_o_92428.jpg) – deceze Sep 28 '16 at 08:41

2 Answers2

2

The main issue is with the URL.

Your URL is single.php?movie=3 and you're checking for $_GET['id']. So change your id by movie.

For the future, you have to code that is SQL Injection free and follow the Instruction given by @RiggsFolly.

Murad Hasan
  • 9,565
  • 2
  • 21
  • 42
0

In these situations you should add some error checking to your code. In fact you should always be error checking

<?php

// some people develop on LIVE servers so make sure
// all error reporting is on while developing a script
ini_set('display_errors', 1); 
ini_set('log_errors',1); 
error_reporting(E_ALL); 
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function single_page(){ 
    global $connect;

    if (isset($_GET['id'])) {

        $movie_id=$_GET['id'];

        $sql="SELECT * FROM movies WHERE movie_id='$movie_id'";

        $run_sql=mysqli_query($connect,$sql);

        if ( ! $run_sql ) {
            // output the error returned by the database
            echo 'SQL ERROR: ' . mysqli_error($connect);
            exit;
        }

        while ($row=mysqli_fetch_assoc($run_sql)) {

            $id=$row['movie_id'];
            $name=$row['Name'];
            $desc=$row['Description'];

            echo "<div id='breadcrumb'><a href='index.php'>Home</a> > <a href='movies.php'>Movies</a> $name</div>
                    <div id='description'>
                         <h1>$name</h1>
                         <p>$desc</p>
                    </div>";
        }
    }
}

This should at least tell you what the error is, if in fact it is generating an error in the compilation or execution of the query.

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149