0

what am i looking for is to make me get into a page only if the 2 $_post values are equal to what columns in a table have, let's say i have a table |id|name|text|, so when my php page have a $_post['id'] and $_post['name'] equal to what my table have in both of them, only then my text column will show what value it has inside, and if one of values of id and name are different of what my table have then it wont show the text value.

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $ID = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : true);
        $name ='Arthur';
        $connect = mysqli_connect("localhost","root","mysql","manga");
        $query = "SELECT * FROM `in-chapter` INNER JOIN `manga-list` ON `in-chapter`.id = `manga-list`.id WHERE `manga-list`.id = $ID";
        $records = mysqli_query($connect,$query);
        if ($ID > 0) {
            while($show=mysqli_fetch_array($records)){
                 echo '<img src="'.$show['images'].'"></img>';
           
            }
            
        }

    }
?>
MaxV
  • 2,601
  • 3
  • 18
  • 25
jouyou
  • 29
  • 5
  • 1
    Hello and welcome. In this case I would include the data definitons, sample data, sample inputs and desired outputs, so tha people can find out more easily waht you are refering to. – g_bor Oct 01 '20 at 16:40
  • i'm only interested in how do users get into this page , as you see i already have $_post['id'] which will make each page show different contents depend on the id the user called, i'm looking for a way to make the user call of 2 columns example: id and name, let's say i have a table |id = 1|name=arthur|text=Hello world|, what i want is , if the user calls for $_post['id'] which equal to "1" and $_post['name'] which equal to arthur, only then the output will show the output of [text] which is "Hello world", – jouyou Oct 01 '20 at 16:52
  • if the $_post['id'] and $_post['name'] arent equal to the values the table have like $_post['id'] which the user called equal to 2, then i want the output to show an error. – jouyou Oct 01 '20 at 16:52
  • you can use this on your query result or equivalent to see if it returned anything: mysqli_num_rows() You can then generate either your error or result page. – g_bor Oct 01 '20 at 16:55
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 01 '20 at 17:26
  • yeah i fixed my problem, thank you for your assistance g_bor and dharman – jouyou Oct 01 '20 at 17:47

0 Answers0