Take data from URL in MySql DB

Question

I would like to take data from DB via simple script

<a href='category.php?CAT=Shoes'>Shoes</a>

then simple show all rows with the specific data in "CAT" column like this:

$CAT = $_GET['CAT'];
    $sql = "SELECT * FROM Shop WHERE CAT = $CAT" ;
       $result = $conn->query($sql);
if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) { 
echo"
... results
"}}

The problem is that this script does work with INT (for example SELECT CAT = 5 like category.php?CAT=5) but not with VARCHAR (SELECT CAT = Shoes like category.php?CAT=Shoes). Now I'm not sure why is this happening. With Error: Trying to get property of non-object

$sql = "SELECT * FROM Shop WHERE CAT = '$CAT'" ; – Vikram Singh Mar 04 '17 at 12:32 — Vikram Singh, Mar 04 '17 at 12:32
and also check you column type in db – Vikram Singh Mar 04 '17 at 12:33 — Vikram Singh, Mar 04 '17 at 12:33
Because `CAT` field is `INT`? – u_mulder Mar 04 '17 at 12:33 — u_mulder, Mar 04 '17 at 12:33
Vikram, so simple, you are absolute genius ! Thank you, bro – Igor Mini Minarič Mar 04 '17 at 12:34 — Igor Mini Minarič, Mar 04 '17 at 12:34

score 0 · Answer 1 · answered Mar 04 '17 at 12:36

0

$sql = "SELECT * FROM Shop WHERE CAT = '$CAT'"

answered Mar 04 '17 at 12:36

Igor Mini Minarič

25
5

score 0 · Answer 2 · answered Mar 04 '17 at 12:54

0

You need pass $cat as string

$cat = $_GET['CAT'];

$sql = "SELECT * FROM Shop WHERE CAT = '{$cat}'" ;

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) { 
        echo '<pre>' . print_r($row, true) . '</pre><br/>';
    }
}

answered Mar 04 '17 at 12:54

Sergio Rodrigues

964
9
12

I recommend doing the character escape to prevent an SQL injection: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Sergio Rodrigues Mar 04 '17 at 13:08

Take data from URL in MySql DB

2 Answers2