
I don't seem to get what I'm doing wrong. This is my code:

```php
<div class="product">
     <div class="productLabels">
        <a href="product.php?productID=<?php $id; ?>"> <img class="productImage" src="<?php echo $row[4]; ?>">
            <p style="font-style: italic; font-weight: bold;"><?php echo $row[1]; ?></p>
            <p>PHP <?php echo $row[2]; ?></p>
        </a>
    </div>
</div>
```

and this is supposed to be passed on to my single view page with this code:

```php
if (isset($_GET['productID'])) {
        $id = $_GET['productID'];
        $id = preg_replace('#[^0-9]#i', '', $_GET['productID']);
        $query = "SELECT * FROM tblproducts WHERE productID='$id' LIMIT 1";
        $result_set = mysqli_query($con, $query);
        $productCount = mysqli_num_rows($result_set);

        if ($productCount > 0) {
            while ($row = mysqli_fetch_row($result_set)) {
                $id = $row[0];
                $productName = $row[1];
                $price = $row[2];
                $description = $row[3];
                $image = $row[4];
                $category = $row[5];

        ?>
        <div class="singleViewContainer">
            <h2 class="header"><?php echo $productName; ?> | PHP <?php echo $price; ?></h2>
            <div class="base">
                <img src="<?php echo $image; ?>">
                <div class="specs">
                    <p style="font-weight: bold">Specifications, Features and Description: </p>
                    <p><?php echo $description;  ?></p>
                    <button class="add" type="submit">ADD TO CART</button>
                </div>
                <div class="notice">
                    <p>Standard Delivery will arrive in 3-5 business days</p>
                    <p>Cash on delivery available for items below PHP3000</p>
                    <p>- Always inquire for stock availability. Some items are order basis from the supplier <br>- Cheque payments are subject to 3 banking days clearing <br>- 30% downpayment is required for order basis/reservation<br>- Prices are exclusive of VAT and credit card surcharges<br>- Images posted are for reference only. Actualy product may vary<br>- Prices and specifications may change without prior notice</p>
                </div>
            </div>
        </div>
        <?php
            }
        } else {
            echo "That item does not exist";
        }

    } else {
        echo "Data to render the page is missing";
        exit();
    }
```

But what I get is just a blank URL saying localhost/toresponsive/product.php?productID= where it passes on a blank value.

newbs
  • 1
    you forgot to echo your id in your href – Roljhon Mar 06 '17 at 16:39
  • @Roljhon I tried that already but it still doesn't work – newbs Mar 06 '17 at 16:40
  • 1
    that should work if your `$id` variable is not empty. nevertheless, that's the only cause that I am seeing in such problem. – Roljhon Mar 06 '17 at 16:41
  • @Roljhon I am very sorry, I had to recheck. It's working now. – newbs Mar 06 '17 at 16:43
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Mar 06 '17 at 16:45
  • If you post an answer without prepared statements [you may want to consider this before posting an answer](http://meta.stackoverflow.com/q/344703/). – Jay Blanchard Mar 06 '17 at 16:45
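The two points raised in the comments (echoing the id into the link, and using a prepared statement for the lookup) combined in one sketch. This is an added example, not code from the question or its commenters. So that it runs without a MySQL server it uses PDO with an in-memory SQLite database instead of the asker's mysqli connection; the cut-down table, the sample row and the names `h`, `productLink` and `findProduct` are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and data, not the asker's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblproducts (productID INTEGER PRIMARY KEY, productName TEXT, price REAL)');
$pdo->exec("INSERT INTO tblproducts VALUES (7, 'USB <hub> 4-port', 450.00)");

// HTML-encode every value written into markup (attribute or text).
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Listing page: the id must be echoed into the href, otherwise the link ends in "productID=".
function productLink(array $row): string
{
    return '<a href="product.php?productID=' . h(rawurlencode((string) $row['productID'])) . '">'
         . h($row['productName']) . '</a>';
}

// Single view page: validate the id as an integer, then bind it as a parameter.
// Returns the row, or null when the id is missing, malformed or unknown.
function findProduct(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of stripping characters out of the input
    }
    $stmt = $pdo->prepare('SELECT productID, productName, price FROM tblproducts WHERE productID = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests: a valid id, the blank id from the question, and a tampered id.
foreach (['7', '', "7' OR '1'='1"] as $rawId) {
    $row = findProduct($pdo, $rawId);
    echo $row ? productLink($row) . ' | PHP ' . h($row['price']) : 'That item does not exist', PHP_EOL;
}
```

The same bind-a-parameter pattern applies to the mysqli connection used in the question through its prepared-statement API, as described in the MySQLi link in the comment above.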

0 Answers