-2

I am building an eCommerce site. My plan is, instead of having multiple item pages, to have one, and depending on the user's choice that is what loads on the item page from the products page.

At the moment I have a products table with id1, id2, id3, and I have an item table. My SQL script to show the items is as follows and works well.

```php
'.$row['model'].'<br><br>'.$row['size'].'<br><br>Price:$    '.$row['price'].'
```

Where I am having trouble is using the GET method for the two tables.

```php
$id = $_GET['productid1'];
$wine="SELECT * FROM wine WHERE id='1' AND productid='1'";
$query_wine=mysqli_query($conn,$row);
while($row=mysqli_fetch_array($query_wine,MYSQLI_ASSOC))

echo '.$row['brand'].'</strong> Price:$    '.$row['price'].';
```

I know I have not done this properly: it does not display anything except the word Price on the item page.

Please do not make things over-complicated if you are going to help me. I am only learning and my self-belief plummets, so please be nice. I do not understand anyone else's code on different questions as, like I said, I am only learning.

thekid
  • 13
  • 5

1 Answer

-1

I will go with what code I have to look at, but this is just pseudo code since I don't know the DB structure or anything.

```php
$id = "1";                          // default product if none is requested
if(isset($_GET['productid1'])) {
     $id = $_GET['productid1'];     // id passed as script.php?productid1=...
}
if(!empty($id)) {
    // id is interpolated straight into the SQL here; see the comments below
    $statement = "SELECT * FROM wine WHERE id='1' AND productid='$id'";
    $query = mysqli_query($conn, $statement);
    if($query) {                    // false on a query error
        while($row = mysqli_fetch_array($query)) {
            echo $row['brand'] .'</strong> Price: $'. $row['price'];
        }
    }
}
```
Kaboom
  • 674
  • 6
  • 27
  • It's not working, throwing a `Parse error: syntax error, unexpected ' (T_STRING), expecting ',' or ';`. But why change it to an integer? – thekid Feb 28 '17 at 21:03
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – RiggsFolly Feb 28 '17 at 21:05
  • I just copied and pasted the echo you had. I have fixed this now, so you can try that. By casting it to an integer you are making it load only the numbers from the $_GET request. This is typically a good idea as it stops possible SQL injections on the string. – Kaboom Feb 28 '17 at 21:05
  • At the moment I am not worried about attacks; this is a project for college. I am trying to understand the basics and I am really confused now. Could you do it the way I originally asked, please? – thekid Feb 28 '17 at 21:07
  • 2
    The way you originally asked did not even use the `id` that you capture from `$id = $_GET['productid1'];` – RiggsFolly Feb 28 '17 at 21:08
  • @RiggsFolly when casting the input to an int you remove excess characters; then with another check such as `is_numeric` before you even touch the database, you aren't really that vulnerable since the rest of the string is ignored. I have never run across an issue with this and a LOT of software relies on this method to call data, PLUS he doesn't care about injection apparently. – Kaboom Feb 28 '17 at 21:10
  • Please, everyone, I am simply looking for a little assistance to help me understand this. All I want is for the data displayed on the products page to be displayed on the item page when the user clicks "more info" for that product. – thekid Feb 28 '17 at 21:12
  • Kaboom, I will care about injections in the future, but I am only trying to get the basics working right now. – thekid Feb 28 '17 at 21:19
  • White screen of death: error checking/display is off; turn it on to see the error. At the top of your PHP page add: `ini_set('display_errors', 'On'); ini_set('html_errors', 0); error_reporting(-1);` –  Feb 28 '17 at 21:19
  • Uhm... okay. Are you setting `script.php?productid1=SOMENUMBER` when you call the page? I am not psychic. I can't read your mind over the internet, man. I don't know anything about your script. Post it on a pastebin and link it. Post your database structure. Give me more info so I can help you. – Kaboom Feb 28 '17 at 21:19
  • Kaboom, can we have a private chat? – thekid Feb 28 '17 at 21:20
  • http://www.chatib.us/user/chat/ Go there, make an acc and tell me the name. I am kaboom. – Kaboom Feb 28 '17 at 21:23
  • Now it kind of works, it's displaying data, but only for the one wine (productid1) for all product "more info" buttons. – thekid Feb 28 '17 at 21:25
  • @kaboom, I messaged you there (I think). – thekid Feb 28 '17 at 21:28
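The following is an added example, not code from the question or from Kaboom's answer. It does the same product lookup as the answer but with a mysqli prepared statement, as RiggsFolly's comment recommends, and it validates the id before it is used, which is the safer form of the integer-cast idea discussed in the comments. It assumes the `wine` table has columns `productid`, `brand`, `model`, `size` and `price`, that the page is called as `script.php?productid1=<number>` (the form mentioned in the comments), and the connection details are placeholders.

```php
<?php
// Added example (not from the question or the answer): the product lookup with a
// mysqli prepared statement and input validation.
// Assumptions: table `wine` with columns productid, brand, model, size, price;
// the page is requested as script.php?productid1=<number>.

// Show errors during development instead of a blank page (the "white screen of
// death" mentioned in the comments).
ini_set('display_errors', 'On');
error_reporting(-1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Placeholder connection details; replace with your own.
$conn = new mysqli('localhost', 'db_user', 'db_password', 'shop_db');

// 1. Validate the id from the query string before it goes anywhere near SQL.
//    FILTER_VALIDATE_INT returns false for anything that is not a whole number
//    (e.g. "abc" or "1 OR 1=1") and null when the parameter is missing.
$productId = filter_input(INPUT_GET, 'productid1', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($productId === null || $productId === false) {
    http_response_code(400);
    exit('A valid productid1 is required.');
}

// 2. The SQL text is fixed; the value travels separately through bind_param, so
//    it can never change the meaning of the query. Using the requested id here
//    (rather than the hard-coded productid='1' from the question) is also what
//    makes each "more info" button show its own wine.
$stmt = $conn->prepare(
    'SELECT brand, model, size, price FROM wine WHERE productid = ?'
);
$stmt->bind_param('i', $productId); // 'i' = bind as integer
$stmt->execute();
$stmt->bind_result($brand, $model, $size, $price);

// 3. Print each matching row. htmlspecialchars() stops database content from
//    being interpreted as HTML on the item page.
$found = false;
while ($stmt->fetch()) {
    $found = true;
    echo '<strong>' . htmlspecialchars($brand) . '</strong><br><br>'
       . htmlspecialchars($model) . '<br><br>'
       . htmlspecialchars($size) . '<br><br>'
       . 'Price: $' . htmlspecialchars($price) . '<br>';
}
if (!$found) {
    echo 'No product found for that id.';
}

$stmt->close();
$conn->close();
```

The products page only needs to link each "more info" button to `script.php?productid1=<that row's productid>`; the item page then reads the number, rejects anything that is not a number, and asks the database for just that row. Because the value is bound rather than pasted into the query string, the same code stays correct whether the id comes from a link, a form, or a hand-edited URL.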