-1

I have a PHP & MySQL search script which is working. After the results are displayed, users can click the link below, which opens a new page and displays more MySQL info. I am stuck with linking the a href link ($field2name) to the new page (getprofile.php).

Now the problem is that getprofile.php shows nothing and displays 0 results. However, when I put static data in getprofile.php it works properly and can show profile data from MySQL. Can anyone enlighten me as to what is missing?

From the search page the user can click this link:

<td><a href="getprofile.php?'.$field2name.'" target = "_blank">'.$field2name.'</td>

getprofile.php:

<?php
 $conn = mysqli_connect("localhost","root","password","demo");
 $pkey = mysql_real_escape_string($_GET[$field2name]);
// $pkey = "4027500001"; <-------if i put static data it can show profile data
    
  $query = "SELECT * FROM nhc WHERE code =" . $pkey;
    $result = $conn->query($query);


if ($result->num_rows > 0) {
    echo "<table border='1'><tr><th>code</th><th>Name</th><th>class</th><th>AM</th><th>May GA</th><th>June GA</th></tr>";
    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo "<tr><td>".$row["code"]."</td> <td>".$row["name"]."</td> <td> ".$row["class"]."</td>  <td>".$row["am"]."</td> <td>".$row["may"]."</td><td>".$row["june"]. "</td></tr>";
  
    }
    echo "</table>";
} else {
    echo "0 results";
}
?>
robin

2 Answers

1

You need to give the GET parameter a name so that you can access it in PHP:

<td><a href="getprofile.php?code='.$field2name.'" target="_blank">'.$field2name.'</a></td>

then in PHP:

$pkey = mysql_real_escape_string($_GET['code']);

Note that you should use prepared statements to protect yourself from SQL injection; mysql_real_escape_string is not sufficient (see this Q&A). For example:

$query = "SELECT * FROM nhc WHERE code = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param('i', $_GET['code']);
$stmt->execute();
$result = $stmt->get_result();
Nick
1

You are not assigning $field2name to any variable. Moreover, your quotes are mismatched and do not form a well-formatted URL.

<td><a href="getprofile.php?value=<?=$field2name?>" target="_blank"><?=$field2name?></a></td>

Now, to get the value, use $_GET['value'].
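
The two fixes discussed in the answers (a named GET parameter and a prepared statement) put together in one getprofile.php, as an added example that is not code from either answer. It also encodes values on output, which the original script does not do. Assumptions: the code is a digit string like the sample value in the question, the parameter is named `code`, and `profile_link()` and `parse_code()` are hypothetical helper names.

```php
<?php
// Added example, not code from the original posts.
// Taken from the question: database "demo", table "nhc", columns code, name, class, am, may, june.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors instead of failing silently

// Hypothetical helper for the search page: named, URL-encoded parameter, HTML-encoded link text.
function profile_link(string $code): string
{
    $href = 'getprofile.php?code=' . rawurlencode($code);
    $text = htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
    return '<td><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
         . '" target="_blank" rel="noopener">' . $text . '</a></td>';
}

// Assumption: codes are digit strings (the question's sample is 4027500001).
// Anything else is rejected before it reaches the database.
function parse_code(array $get): ?string
{
    $code = $get['code'] ?? '';
    return (is_string($code) && preg_match('/\A\d{1,20}\z/', $code)) ? $code : null;
}

$code = parse_code($_GET);
if ($code === null) {
    http_response_code(400);
    exit('Invalid code');
}

$conn = new mysqli('localhost', 'root', 'password', 'demo'); // credentials as in the question
$stmt = $conn->prepare('SELECT code, name, class, am, may, june FROM nhc WHERE code = ?');
$stmt->bind_param('s', $code);   // bound as data, never concatenated into the SQL text
$stmt->execute();
$result = $stmt->get_result();   // requires the mysqlnd driver

if ($result->num_rows === 0) {
    exit('0 results');
}

echo "<table border='1'><tr><th>code</th><th>Name</th><th>class</th><th>AM</th><th>May GA</th><th>June GA</th></tr>";
while ($row = $result->fetch_assoc()) {
    echo '<tr>';
    foreach (['code', 'name', 'class', 'am', 'may', 'june'] as $col) {
        // Encode on output so stored values cannot inject markup (XSS).
        echo '<td>' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
    }
    echo '</tr>';
}
echo '</table>';
```

Binding the value as a string (`'s'`) rather than an integer avoids overflow on 32-bit PHP builds for ten-digit codes; MySQL converts it if the column is numeric.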