I'm making a simple website using PHP and MySQL, where based on the entered criteria, the website outputs the results from the database. Since there'll be a lot of them (eventually, now there's like 6) I want to compress the table by having two or three results next to each other. The results will be displayed as images (whose address is pulled from the database) within the table's cells, ideally with a title (also from the DB) under them. Everywhere I've looked (like w3s or here), the code puts each pulled attribute of a table's row into its own cell, and each row of the HTML table corresponds to the SQL table.

Specifically: from the search form, I $_GET variables $color and $altmode. In my table 'transformers', I have columns 'id' (auto incrementing), 'color', 'altmode', 'name' and 'image1'.

Using PDO, I want to SELECT id,name,image1 FROM transformers WHERE color=$color AND altmode=$altmode; and have the results in one table.

Basically like this, except dynamically generated from the PDO query results, and with the name of each toy being listed under the image.

Honestly, I don't know where to begin. So far I have this (with the $conn connection being initialised in the required connect.php file):

```php
if (isset($_GET['color']) && isset($_GET['altmode']))
{
  $stmt = $conn->prepare("SELECT id,name,image1 FROM transformers WHERE color=:color AND altmode=:altmode");
  $stmt->bindParam(':color', $_GET['color']);
  $stmt->bindParam(':altmode', $_GET['altmode']);
  $stmt->execute();
  $result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
  echo "this works";
/*
  foreach ($variable as $key => $value) {
    and here i am lost
  }
*/
} else
{
  echo "<p id=\"error\">You didn't search for anything! Go to <a href=\"index.php\">the main page</a> to find a figure!</p>";
}
```

(Edited the code because what I had included was just completely wrong, but it still shows no signs of being right.) This code should, if Altmode and Color are set via the GET method, execute the query, not write it out anywhere but instead output "this works". Then I commented out some code that would be the start of a function writing out the table. However, there is something wrong even with the query, which I can't see because it doesn't say "this works". But my main problem is still how to continue on from that.

Dharman
Krisha
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. Instead of building queries with string concatenation, always use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Feb 04 '23 at 17:31
  • What does "that is not working as is" mean? What exactly happens? How far through does it get before it goes wrong? You don't actually retrieve any results after executing the query. – droopsnoot Feb 04 '23 at 18:28
  • If your ID is unique, then the LIMIT clause is meaningless. – droopsnoot Feb 04 '23 at 18:29
  • First step - write the HTML code to display your table in long-hand. Once you've got that, it should be easy to go from there to producing the same HTML dynamically from your code. – droopsnoot Feb 04 '23 at 18:30
  • Oops, I completely messed up that query. I copied it from a page where it displays entries based on the ID, and there it checks whether it's numeric so it's (I think) injection-proof. I thought I'd changed it to fit the search page but nope. I updated the code in the question, but there's still an error of sorts. It should at least say 'this works' but it does in fact not do that. – Krisha Feb 04 '23 at 19:00
  • These comments do NOT make your question easier to read. Please use [edit] to make your question more perfect. – Luuk Feb 04 '23 at 19:06
  • When you have a problem getting to see "this works", maybe you should read this page: [How to debug Php code?](https://stackoverflow.com/questions/5710665/how-to-debug-php-code) – Luuk Feb 05 '23 at 09:50
  • Take a look at [this](https://www.jdoodle.com/ia/Dxx). This is just one very simple way of doing it. Play around with it until you understand it. – FiddlingAway Feb 08 '23 at 21:07

0 Answers
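One way to continue from the prepared statement in the question, as an added example that is not code from the original post or its commenters: fetch the rows, split them into groups of three, and HTML-escape every database value before it is written into the page. Assumptions: an in-memory SQLite database stands in for the MySQL `$conn` from connect.php, the sample rows are constructed, and the helper names `h()` and `renderGrid()` are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL $conn from connect.php.
$conn = new PDO('sqlite::memory:');
// Make SQL errors throw exceptions instead of failing silently.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE transformers (id INTEGER PRIMARY KEY, color TEXT, altmode TEXT, name TEXT, image1 TEXT)');

// Constructed sample rows; one name contains markup to show the output escaping.
$seed = $conn->prepare('INSERT INTO transformers (color, altmode, name, image1) VALUES (?, ?, ?, ?)');
foreach ([
    ['red', 'truck', 'Optimus Prime', 'img/optimus.jpg'],
    ['red', 'truck', 'Ironhide <b>G1</b>', 'img/ironhide.jpg'],
    ['red', 'truck', 'Inferno', 'img/inferno.jpg'],
    ['red', 'truck', 'Hot Spot', 'img/hotspot.jpg'],
    ['yellow', 'car', 'Bumblebee', 'img/bumblebee.jpg'],
] as $row) {
    $seed->execute($row);
}

// Escape a database value for use in HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build a table with $perRow results per HTML row: image on top, name underneath.
function renderGrid(PDO $conn, string $color, string $altmode, int $perRow = 3): string
{
    // User input only ever reaches the query as bound parameters.
    $stmt = $conn->prepare('SELECT id, name, image1 FROM transformers WHERE color = :color AND altmode = :altmode ORDER BY id');
    $stmt->execute([':color' => $color, ':altmode' => $altmode]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if ($rows === []) {
        return '<p id="error">No figures matched your search.</p>';
    }
    $html = "<table>\n";
    foreach (array_chunk($rows, $perRow) as $chunk) {
        $html .= "  <tr>\n";
        foreach ($chunk as $r) {
            $html .= '    <td><img src="' . h($r['image1']) . '" alt="' . h($r['name']) . '"><br>' . h($r['name']) . "</td>\n";
        }
        $html .= "  </tr>\n";
    }
    return $html . "</table>\n";
}

// In the search page these two arguments would be $_GET['color'] and $_GET['altmode'].
echo renderGrid($conn, 'red', 'truck');
```

With the constructed data this prints one row of three cells and a second row with one cell, and the `<b>` in the second name arrives in the page as `&lt;b&gt;` rather than as markup.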