PHP/ MySQL Help

herrpoon · 24 May 2007 at 17:15

Hi there, I am in need of some guidance! I've tried looking around online for some tutorials although nothing has come up...

At the moment, I have created a MySQL database, with a table and 10 fields in it, what I want to be able to do is to display the data just from one page as it were, so I don't have to create lots of pages with something like the following in it:

PHP:

	$db = @mysql_query("SELECT * FROM table WHERE id LIKE x");

but rather want to have a dynamic way of showing the data
e.g. /database.php?id=x

where x is the id of one of the entries.

I then want to be able to display the rest of the fields in the same manner, using a template.

Like I said, if anyone could point me in the direction of a decent tutorial that they know of, that would be great! Thanks, Chris.

herrpoon · 24 May 2007 at 17:42

Many thanks, am going to give this a go now - will let you know how I get on, Chris.

herrpoon · 24 May 2007 at 18:03

I've tried that, but am getting some stupid syntax error, but I don't really understand the following:

Code:

template($row['1'], $row['2'], $row['3'], $row['4']);

function template($row1, $row2, $row3, $row4) {
?>
<template>
<?php echo $row1; ?>
</template>
}

Could you explain it a bit more, I don't understand what row[1] refers to...is that the 1st entry in the database, or one of the fields? Thanks, Chris.

herrpoon · 24 May 2007 at 18:40

Ooh, I have it working

Here is the working code:

Code:

<?php
// Make a MySQL Connection
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database_name") or die(mysql_error());

$result = mysql_query("SELECT * FROM `field` WHERE `id` = " . quote_smart($_GET['id']));
$row = mysql_fetch_array($result, MYSQL_ASSOC);

template($row['id'], $row['content']);

function template($id, $content) {
?>

<body>
The ID is <?php echo $id; ?>.<br />
The content for this ID is: <?php echo $content; ?>
</body>
<?php
}
?>

<?php
function quote_smart($value)
	{
	    // Stripslashes
	    if (get_magic_quotes_gpc()) {
	        $value = stripslashes($value);
	    }
	    // Quote if not a number or a numeric string
	    if (!is_numeric($value)) {
	        $value = "'" . mysql_real_escape_string($value) . "'";
	    }
	    return $value;
	}

?>

For the nice SQL injection function at the bottom, is there a way of when people try and inject evil code, or just more innocently, type in an id which doesn't exist, it sends them back to the first id or something similar? At the moment it just displays this:

The ID is .
The cotent for this ID is:

Thanks for your help on this Jaffa cake, most excellent! :cool: