-1

I am creating a user table with data from a query, later I try to obtain the id of some field of the users that is selected and I send it to another page to show all the fields of said selection, but I don't know how to do it.

<?php
include("conn.php");
$con = connect();   

echo 
'
    <table class="table table-hover">
    <tr>
        <th scope="col">ID</th>
        <th scope="col">RFC</th>
        <th scope="col">Razón Social</th>
        <th scope="col">Nombre Comercial</th>
        <th scope="col">Representante Legal</th>
        <th scope="col">Teléfono</th>
        <th scope="col">Correo</th>
    </tr>
';

$accion = mysqli_real_escape_string($con,$_POST['accion']);

if($accion == 4)
{
    $mi_busqueda =  mysqli_real_escape_string($con,$_POST['mi_busqueda']);
    $resultados = mysqli_query($con,"SELECT * FROM naucalpan WHERE 
    rfc LIKE '%$mi_busqueda%' 
    OR prop_rep LIKE '%$mi_busqueda%'
    OR business_name LIKE '%$mi_busqueda%'
    OR tradename LIKE '%$mi_busqueda%'
    OR mail LIKE '%$mi_busqueda%'
    
    LIMIT 50");
  while($consulta = mysqli_fetch_array($resultados))
  {
    echo 
    '
        <tr>
            <td><a href="oneClient.php?id="'.$consulta["id_naucalpan"].'>'.$consulta['id_naucalpan'].'</a></td>
            <td><a href="oneClient.php">'.$consulta['rfc'].'</a></td>            
        </tr>
    ';
  } 

}


echo '</table>';

Finally I try to receive the variable to be able to perform the query:

<?php

include("conn.php");
$con = connect();   

$id = mysqli_real_escape_string($con,$_GET['id']);
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    here we go
    <?php echo "hello".$id;
    ?>
    <?php echo $_GET["id"]; ?> 
</body>
</html>

But i only recieve here we go hello

  • What problem are you facing? – waterloomatt Apr 21 '22 at 13:03
  • when performing an echo on the redirect page it does not show me the data –  Apr 21 '22 at 13:15
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Apr 21 '22 at 13:19
  • 1
    If it is coming in via the URL, use `GET` instead of `POST`. Ie. `$id = $_GET['id'];` in the final line of you example code. – waterloomatt Apr 21 '22 at 13:24
  • 1
    Also, turn on error reporting on every page, https://stackoverflow.com/a/21429652/296555 – waterloomatt Apr 21 '22 at 13:25
  • Regarding your comments I made the following change $id = mysqli_real_escape_string($con,$_GET['id']); but i get the following error: Warning: Undefined array key "$id" in C:\xampp\htdocs\prueba\oneClient.php on line 8 –  Apr 21 '22 at 13:29
  • 1
    It'll only work if you click on this link in your code: `a href="oneClient.php?id=".$consulta["id_naucalpan"].>`. If you click any of the links below that, it will not work because you didn't include the ID in the URL. It's not clear which link you clicked on to get that error. – ADyson Apr 21 '22 at 13:40
  • You are very right, I was clicking on another field of the query that I still haven't fixed, but when I click on the correct one for id_naucalpan, which I save in the id variable and send through the link to the new page, it doesn't print anything, please with an echo with an extra string but I only get the string –  Apr 21 '22 at 16:04
  • Please edit and update your question with the latest code. Don't explain code through these comments. – waterloomatt Apr 21 '22 at 16:54
  • `it doesn't print anything` ...you haven't told it to print anything. Just put `echo "The ID is ".$id;` on the next line (after `$id = $_GET['id'];`) as a test. – ADyson Apr 21 '22 at 17:09
  • i did, but only print : The ID is –  Apr 21 '22 at 19:38
  • If the ID parameter is in the URL and has a value then that shouldn't be possible. What URL is showing in the browser's address bar when that output happens? – ADyson Apr 21 '22 at 19:39
  • is not passing the value of the parameter http://localhost/prueba/oneClient.php?id= –  Apr 21 '22 at 19:49
  • It means the value wasn't included in the URL properly to begin with, then – ADyson Apr 21 '22 at 19:54
  • 1
    `href="oneClient.php?id=".$consulta["id_naucalpan"].>'.$consulta['id_naucalpan'].'` should be `href="oneClient.php?id="'.$consulta["id_naucalpan"].'>'.$consulta['id_naucalpan'].'`...you forgot to close the string and restart it again properly – ADyson Apr 21 '22 at 19:55
  • I'm sorry, I tried as you told me but it continues without sending the value –  Apr 21 '22 at 20:06
  • 1
    Sorry, one more typo from you...change it again to `href="oneClient.php?id='.$consulta["id_naucalpan"].'">'.$consulta['id_naucalpan'].'` - the ID value must be within the quote marks of the href attribute, otherwise it won't be considered as part of the URL – ADyson Apr 21 '22 at 20:33
  • Broo you´re awsome, thank you very much, it's good that there are programmers who help like you and not only scold hahaha, thank you very much, how do I rate you or add a score? I'm literally starting in this and I don't know several little things –  Apr 21 '22 at 23:15
  • @GibranQ, don't forget to mark the answer as "accepted" if it helped you. – waterloomatt Apr 27 '22 at 11:57

1 Answers1

1

The problem is that your ID value isn't included correctly in the URL you're generating in the HTML <a href.... You're not breaking the (single-quoted) string correctly and also the value needs to be within the "s of the href attribute otherwise the browser won't treat it as part of the URL.

So (as per your originally posted code, this:

<a href="oneClient.php?id=".$consulta["id_naucalpan"].>'.$consulta['id_naucalpan'].'</a>

needs to be changed to:

<a href="oneClient.php?id='.$consulta["id_naucalpan"].'">'.$consulta['id_naucalpan'].'</a>
ADyson
  • 57,178
  • 14
  • 51
  • 63