1

I have two .php pages, one that returns the contents of a table including an id for each entry along with an html text input and another that retrieves the details and allows me to update the record.

I'd like to store the id of the entry by clicking on the list item using a href rather than having to text input the id and submit.

choose.php

echo "<ul>";                    
while ($row=mysql_fetch_array($result)) {
    $reference=$row[reference];
    $name=$row[name];
    echo "<li>$reference, $name</li>";  
}
echo "</ul>";    


session_start();

$_SESSION['regName'] = $reference;
mysql_close($link);
?>

<form method="get" action="update.php">
    <input type="text" name="regName" value="">
    <input type="submit">
</form>

update.php

session_start();

$reference = $_GET['regName'];

echo "Your selection id is: ".$reference.".";
$query="SELECT * FROM firsttable WHERE reference='$reference'";
$result=mysql_query($query) or die("Query to get data from firsttable failed with this error: ".mysql_error());
$row=mysql_fetch_array($result);

$name=$row[name];

echo "<form method=\"POST\" action=\"updated.php\">";
    echo "<p>";
        echo "<label for=\"name\">Name: </label><input type=\"text\" id=\"name\" name=\"name\" size=\"30\" value=\"$name\"/>";

    echo "<p><input type=\"submit\"></p>";
echo "</form>";

I apologise if this seems very obvious, I've only started to learn php as of today and it's much more complicated than anything I've done up until now.

Thanks James

cinameng
  • 313
  • 4
  • 14
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Apr 17 '17 at 19:15
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 17 '17 at 19:15
  • Should be easy enough; what did you try? – Funk Forty Niner Apr 17 '17 at 19:16
  • I really appreciate the advice on both fronts and I will look into each but this is not really helping me with my original query unfortunately. – cinameng Apr 17 '17 at 19:47

1 Answers1

0

Answering your question, you just need to use HREF parameter of A tag. This will make an active link, which will contain a reference you need:

echo '<ul>';                    
while ($row = mysql_fetch_array($result)) {
    $reference = $row[reference];
    $name = $row[name];
    echo '<li><a href=/update.php?regName='.$reference.'>'.$name.'</a></li>';  
}
echo '</ul>';    
?>

Read here for more details about passing data via GET\POST: https://www.w3schools.com/tags/ref_httpmethods.asp

And as you were told above, please consider rewiring the code as it is totally unsafe and must not be used anyhow besides some very basic concept proof. And only inside intranet or local machine.
Good luck!

Denis O.
  • 1,841
  • 19
  • 37