-1

I am making an affiliate program where I count a number of clicks based on this link fridgeblasteraffiliate.freeiz.com/affiliate/?numberherebasedonid but I have this

    <?php
    $conn = mysqli_connect("redacted", "redacted", "redacted", "redacted");
    if (!$conn) {
        die("Connection failed: ".mysqli_connect_error());
    }
    session_start();
    $url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    $sql = "SELECT clicks FROM affiliate WHERE ID='$ID'";
    $add = 1;
    $ID = strpos($url, needle)
    ?>

but as you can see I can't figure out how to call the number in the url to count the clicks

  • Not relevant to your problem, but you should put `session_start()` right under your opening php tag. You'll save yourself a lot of hassle down the road if you do that. – Difster Jul 18 '17 at 21:46
  • Read up on the `$_GET`-super global: http://php.net/manual/en/reserved.variables.get.php. Passing params in the url like that is commonly known as a "query string". Btw, you're currently defining the variable `$ID` _after_ you're trying to use it. It needs to be defined _before_. Also, if the ID is numeric, make sure to cast it as an integer before using it in your db-query, or use prepared statements. Otherwise, you're wide open for SQL injections. – M. Eriksson Jul 18 '17 at 21:49

1 Answer

1

You want to use a GET variable. Try the following URL:

fridgeblasteraffiliate.freeiz.com/affiliate/?id=numberherebasedonid

Then use `$_GET['id']` in your script to access the value.

    $sql = "SELECT clicks FROM affiliate WHERE ID='{$_GET['id']}'";

Please note, though, that this code is vulnerable to SQL injection. As Magnus Eriksson noted in the comments, you can negate this by either typecasting `$_GET['id']` to the int type, or by using prepared statements:

Casting:

    $id = (int)$_GET['id'];
    $sql = "SELECT clicks FROM affiliate WHERE ID='$id'";

Prepared statements:

    $statement = $conn->prepare('SELECT clicks FROM affiliate WHERE ID=?');
    $statement->bind_param('s', $_GET['id']);
    $statement->execute();

Daniel
  • @Daniel for creating the link and number should this work – Jonathan Connery Jul 18 '17 at 21:58
  • 1
    Don't forget the equals (=) sign. `/affiliate/?id=` – Daniel Jul 18 '17 at 22:00
  • 1
    @JonathanConnery If you just want to add a click on that post in the DB, you can update it directly. You don't need to select it first. Just do `UPDATE affiliate SET clicks = clicks + 1 WHERE ID=?`. – M. Eriksson Jul 18 '17 at 22:03
  • @Daniel Thanks for helping me strengthen it but my real question was how do I get the number from the url to add it to the database of clicks – Jonathan Connery Jul 18 '17 at 22:06
  • Magnus already gave you the query. You don't really need to select it, just update it. Just use that query instead – Daniel Jul 18 '17 at 22:06
  • @MagnusEriksson so this should work? – Jonathan Connery Jul 18 '17 at 22:08
  • No. First off, remove the "SELECT"-query and the `$add = 1`. Your update query is currently just a string that you don't assign to any variable or anything. You can probably also remove the `$url`-line since you don't need to parse out the ID anymore. Btw, you should also have `if (!isset($_GET['id']) || !is_numeric($_GET['id'])) { die('Invalid id'); }` in the line under `session_start();` to make sure that the parameter is set and correct to begin with. – M. Eriksson Jul 18 '17 at 22:13
  • @MagnusEriksson I got rid of the SELECT and it turned all yellow so I think it was an error – Jonathan Connery Jul 18 '17 at 22:14
  • @JonathanConnery This is very basic PHP syntax. I would recommend going through some PHP-tutorials. – M. Eriksson Jul 18 '17 at 22:17
  • @MagnusEriksson whenever I load it up the clicks come out as You have gotten: SELECT clicks FROM affiliate WHERE ID='1' Clicks! – Jonathan Connery Jul 18 '17 at 22:55
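
Putting the answer and the comments above together, as an added example that is not part of the original thread: the `id` query parameter is validated as a positive integer and the click is recorded with a single prepared `UPDATE`. The function names, the `FILTER_VALIDATE_INT` check used in place of `is_numeric`, the connection placeholders and the assumption that `ID` is a unique column are assumptions of this example.

```php
<?php
declare(strict_types=1);
// Table and column names (affiliate, ID, clicks) come from the question.
// Function names, connection values and a unique ID column are assumptions.

/**
 * Return the affiliate ID as a positive int, or null if missing or malformed.
 * FILTER_VALIDATE_INT rejects "1e3" and "1.5" (which is_numeric() accepts)
 * and "1 OR 1=1" (which an (int) cast coerces to 1).
 */
function parse_affiliate_id(array $query): ?int
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Add one click for $id; returns true if a row with that ID was updated. */
function record_click(mysqli $conn, int $id): bool
{
    // One atomic UPDATE, as suggested in the comments: no SELECT first.
    $stmt = $conn->prepare('UPDATE affiliate SET clicks = clicks + 1 WHERE ID = ?');
    $stmt->bind_param('i', $id);   // 'i' binds the value as an integer
    $stmt->execute();
    $found = $stmt->affected_rows >= 1;
    $stmt->close();
    return $found;
}

if (PHP_SAPI !== 'cli') {          // served as /affiliate/?id=...
    $id = parse_affiliate_id($_GET);
    if ($id === null) {
        http_response_code(400);
        exit('Invalid id');
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
    $conn = new mysqli('db-host', 'db-user', 'db-password', 'db-name'); // placeholders
    if (!record_click($conn, $id)) {
        http_response_code(404);
        exit('Unknown affiliate');
    }
    echo 'Click recorded';
} else {
    // Run from the command line: constructed inputs, no database needed.
    foreach (['7', '1e3', '1 OR 1=1', '-4', ''] as $raw) {
        printf("%-12s => %s\n", var_export($raw, true),
               var_export(parse_affiliate_id(['id' => $raw]), true));
    }
}
```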