0

Here's what I'm trying to do. I'm trying to echo blog posts stored in my database. Simple enough, but I want them to be redirected to view_post.php to show the full post, when they click on the little preview. Here's my code:

<?php
session_start();
require_once('required/db.php');
$_SESSION['admin'] = false;
?>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>WillWam - Blog</title>
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
  <link rel="stylesheet" href="assets/css/style.css" type="text/css">
  <link rel="ico" href="assets/favicon.ico">
  </head>
  <body>
    <nav><h2 class="title">The Blog</h2></nav>
    <?php

    $sql="SELECT id,title,author,body FROM posts ORDER BY id DESC";

    if ($result=mysqli_query($con,$sql))
  {
  // Fetch one and one row
  while ($row=mysqli_fetch_row($result))
    {
      printf('<a href="view_post.php"><div class="row"><div class="row-inner"><p><strong>%s</strong> | %s |</p></div></div></a>', $row[0],$row[1],$row[2]);
    }
  // Free result set
  mysqli_free_result($result);
}


mysqli_close($con);

?>
    <div class="top-margin wrapper"><div class="container"><p>Administrator? <a href="/admin/">Click here</a>.</p></div></div>
  </body>
</html>

How would I go about making the preview row a link dynamically (such as view_post.php?id=1)? What would I put in view_post.php?

Will Hoffman
  • 17
  • 5

1 Answers1

0

Assumming on $row the id is contained you can create the links like this

printf('<a href="view_post.php?id='.$row['id'].'"> <----just put the id there
                                                       And on view_port use the value
<div class="row"><div class="row-inner">
<p><strong>%s</strong> | %s |</p></div></div></a>', $row[0],$row[1],$row[2]);
Francisco Hahn
  • 435
  • 5
  • 10
  • Thanks, but how would I display the post info on view_post.php – Will Hoffman May 28 '18 at 15:28
  • Check the index of the row where the id is contained, gonn a edit the answer....and watchout for sql injection, your script is vulnerable. – Francisco Hahn May 28 '18 at 15:30
  • I used a prepared statement on the admin panel, do I need to do anything else to be sure I don't get injected? – Will Hoffman May 28 '18 at 15:32
  • 1
    @FranciscoHahn there is nothing vulnerable to SQL injections in the provided code snippet. As it is a fixed query with no params from the user, there is no need to prepare the query – ᴄʀᴏᴢᴇᴛ May 28 '18 at 15:32
  • @WillHoffman see this topic for more details on how to prevent SQL injections : https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – ᴄʀᴏᴢᴇᴛ May 28 '18 at 15:36
  • @FranciscoHahn I'm still not sure how to DISPLAY THE DATA on view_post.php. Remember, the snippet I provided is index.php that should lead to view_post.php, so how do I get the data from one page (index.php) to another (view_post.php?id="") – Will Hoffman May 28 '18 at 15:43
  • When you pass the parameters via the url, on the view_post.php, those parameters are on the `$_GET` array, the parameter sould be when u call `$_GET["id"]` – Francisco Hahn May 28 '18 at 15:44
  • @FranciscoHahn Ohhh. I get it now! Thanks a lot! – Will Hoffman May 28 '18 at 15:58
  • @WillHoffman a simple way to try it on the first place if you are "getting" the parameters on another page, for this case as you have the links already created, in the page `view_post.php` put this at the beggining to check all the parameters that reach the page `echo print_r($_GET)` – Francisco Hahn May 28 '18 at 15:58