pass on a row ID onto another page in php

Question

I am trying to pass on a row ID by user click on the specified row, onto another page. I have a table with ID and info column.

code below displays the wanted row ID and info

if ($info = $stmnt2->fetch()) {
    echo '<p>Your Info:</p>';   
    do {
        echo "$info[id] . $info[review] . <a href=edit.php?edit=$info[id]>edit</a></br> </br>" ; //The info id is contained in the $info['id']
    } while ($info = $stmnt2->fetch());
} else {
    echo "<p>No Info</p>";
}

I want the user to be able to click on any of the rows and the selected row to pass on its ID onto another page. How do I do this?

This is the code on the other page and I want the ID on which the user clicked to replace "$info[id]" in the sql query. This replaces the whole column and not the specified row.

        if(isset($_POST['id'])){
        $update=$_POST['id'];


        $db->exec("UPDATE infos SET info = '$update' WHERE reviewid = '$info[id]'");
        }

In the edit page I have an input which the user can write to replace the selcted row (from the ID that gets passed on)

<form action="edit.php" method="POST">

<input type="text" name="id" value="">
<input type="submit" value=" Update "/>
</form>

So I want the ID that was passed from the first page to be used to replace the info row with the user input from the edit page

see if this works`echo $info['id'] . $info['review'] . "edit " ;` — Dimi, Apr 13 '17 at 15:35
@Dimi Thats exactly what he is doing `"$info['id']}"` === `"$info[id]"` when in a Double quoted string literal — RiggsFolly, Apr 13 '17 at 15:37
So tell us what is not happening as you expected with this code — RiggsFolly, Apr 13 '17 at 15:38
@RiggsFolly it is working by adding onto the URL but I cant see to use it on the next page — thenoob, Apr 13 '17 at 15:39
I know what you are trying to do! So have you looked at what gets generated by viewing Page Source of the page you create from you browser? — RiggsFolly, Apr 13 '17 at 15:40
Use the `$_GET` array. Anchor links always generated the data in the `$_GET` array not the `$_POST` array — RiggsFolly, Apr 13 '17 at 15:43
Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Apr 13 '17 at 15:46
@RiggsFolly thank you and I was planning on sorting out the SQL injection attacks after I've got the functions to work — thenoob, Apr 13 '17 at 15:49
@thenoob If I had a £ for every time I have heard that old chestnut! — RiggsFolly, Apr 13 '17 at 15:50
@RiggsFolly Haha! Do you know how I would use the value from $_GET['edit'] (the selected ID from the user) to replace $info[id] (which has all row IDs) in the sql query. — thenoob, Apr 13 '17 at 16:12

clearshot66 · Answer 1 · 2017-04-13T15:45:51.693

1

Pass the ID to the URL to the next page, navigate to the next page, then use $id =$_GET['id'];

Your edit=$info['id'] part is right but you're using $_POST and $_POST['id'], on the next page. The GET global is needed and it's named edit, not id

if ($info = $stmnt2->fetch()) {
    echo '<p>Your Info:</p>';   
    do {
        echo "$info[id] . $info[review] . <a href=edit.php?edit=$info[id]>edit</a></br> </br>" ; //The info id is contained in the $info['id']
    } while ($info = $stmnt2->fetch());
} else {
    echo "<p>No Info</p>";
}

edit.php:

if(isset($_GET['edit'])){
        $update = $_GET['edit'];


        $db->exec("UPDATE infos SET info = '$update' WHERE reviewid = '$info[id]'");
        }

Also for future expansion and learning, read into how to do prepared statements with bound parameters if you are going to be using queries with variables built in. You're prone to sql injection currently and it's good practice to learn the newer and safer methods.

edited Apr 13 '17 at 15:45

answered Apr 13 '17 at 15:40

clearshot66

2,292
1
8
17

I am trying to get the ID from $_GET['edit'] and pass it onto the edit page. I have another input called id which the user can type to replace info based on the ID from $_GET['edit'] – thenoob Apr 13 '17 at 16:04
Basically in the sql query, I am trying to replace $info[id] (which has all the row IDs), with the ID from $_GET['edit'] (which is specific to what the user clicked) – thenoob Apr 13 '17 at 16:10
my applogies I forgot to add it in – thenoob Apr 13 '17 at 16:13
In that case, try a ternary operator: – clearshot66 Apr 13 '17 at 16:14
edit " ; //The info id is contained in the $info['id'] – clearshot66 Apr 13 '17 at 16:16

lalithkumar · Answer 2 · 2017-04-13T16:11:31.147

1

you can get the parameter value by using $_REQUEST

$update = $_REQUEST['edit'] in edit.php file

when you use $_REQUEST method you can catch both $_GET and $_POST values.

edited Apr 13 '17 at 16:11

answered Apr 13 '17 at 16:04

lalithkumar

3,480
4
24
40

pass on a row ID onto another page in php

2 Answers2

Linked