Reputation: 496
I am working on a shopping cart website for a university project and need some help.
The site is currently under production at http://www.cutecupcak.es.
At the moment, each product has a url of something like http://cutecupcak.es/product.php?id=11, but I want it to be something like http://cutecupcak.es/product.php?id=chocolate_cupcake.
This is the code we have been given to make this work.
if(isset($_GET['id'])) {
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM `CAKE` WHERE `cake_id`=($id)");
}
What do I need to change to get the cake_name to show rather than the cake_id?
Upvotes: 0
Views: 3404
Reputation: 116110
You can put the name in the url, which should be quite simple, since you have both the name and the id in your database and you can search by and use both.
Both name and id
But I would advise against it. Product names can change a little, and changing it means that the old link won't work anymore.
I would create a URL like this:
http://cutecupcak.es/product.php?id=11&name=chocolate_cupcake
or rather even:
http://cutecupcak.es/product/11/chocolate_cupcake
These urls can be indexed safely. You retain the numeric id, which you can use to lookup the number. The name is in the url as well, which is good for readability and for SEO (search engine optimization), but the name has no actual meaning. You can safely ignore it, because you got the number. Therefore all previously indexed and linked urls will remain valid after you change the name.
I would choose to use dashes instead of underscores in the product name. I believe chocolate-cupcake and chocolate+cupcake are both indexed better than chocolate_cupcake, but my information on this topic may be a bit stale.
mysql? Parameters!
I also would advise you to no longer use mysql_*, and start using PDO or mysqli. Both allow the use of parameterized queries. This allows you to pass an id or name to a query in a safe and transparent method. Safer, cleaner and better performing than using mysql_real_escape_string or functions like that. It's especially safer, because once you become accustomed to using parameters, you will start passing all variables as parameters. While you can forget to escape a variable in your current query, you cannot possibly forget to escape a variable, because it doesn't need escaping.
Upvotes: 2
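The approach described in the answer above (numeric id as the lookup key, name in the URL for readability only, value passed as a query parameter), shown as an added example that is not code from the thread. It assumes the pdo_sqlite extension and uses a constructed in-memory table in place of the real CAKE table; `slugify` and `findCake` are hypothetical helper names.

```php
<?php
// Constructed in-memory SQLite table standing in for the CAKE table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CAKE (cake_id INTEGER PRIMARY KEY, cake_name TEXT NOT NULL)');
$pdo->exec("INSERT INTO CAKE (cake_id, cake_name) VALUES (11, 'Chocolate Cupcake'), (12, 'Lemon Drizzle')");

// Hypothetical helper: builds the readable URL part from the product name, using dashes.
function slugify(string $name): string
{
    $slug = preg_replace('/[^a-z0-9]+/', '-', strtolower($name));
    return trim($slug, '-');
}

// Hypothetical helper: looks the product up by numeric id only; the name in the
// URL is decorative. Returns the row plus its canonical URL, or null if unknown.
function findCake(PDO $pdo, string $rawId, string $rawName = ''): ?array
{
    // Reject anything that is not a plain positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT cake_id, cake_name FROM CAKE WHERE cake_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $row['canonical'] = '/product/' . $row['cake_id'] . '/' . slugify($row['cake_name']);
    // A stale or missing name still resolves; the caller can 301 to the canonical URL.
    $row['redirect'] = ($rawName !== slugify($row['cake_name']));
    return $row;
}

// Constructed sample requests: current name, outdated name, and a non-numeric id.
var_dump(findCake($pdo, '11', 'chocolate-cupcake')); // found, redirect = false
var_dump(findCake($pdo, '11', 'choc-cupcake'));      // found, redirect = true
var_dump(findCake($pdo, '11 OR 1=1'));               // NULL: rejected before any query runs
```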
Reputation: 13544
The following is a blueprint to what you have to do:
1- In your table you should set cake_name field to be unique.
2- Your sql query should be:
$result = mysql_query("SELECT * FROM `CAKE` WHERE `cake_name`=($id)");
3- Change the links found of your products list to obtain the cake_name value instead of the numeric id.
Upvotes: 0
Reputation: 21249
Generally, if you want to reference your products by a name instead of id - you should add a new column (I always name it as "slug") with a UNIQUE key. Then, when a product is added or edited, based on its name you generate a new value for the slug column. For example - from "Chocolate Cake" you will create "chocolate_cake". Then you have to check if the slug is unique - and if not - resolve the conflict somehow (e.g. "chocolate_cake_1").
If you have all this set up - just select the appropriate product by unique slug:
$result = mysql_query("SELECT * FROM `CAKE` WHERE `slug`='" . mysql_real_escape_string($_GET['id']) . "'");
And - obviously - use mysqli instead of deprecated mysql functions.
http://php.net/manual/en/mysqli.query.php
Upvotes: 2
Reputation: 5443
Try something like this:
if(isset($_GET['id'])) {
$id = $_GET['id'];
// The escaped value must sit inside quotes: escaping alone does not protect an unquoted value.
$result = mysql_query("SELECT * FROM `CAKE` WHERE `cake_name`='" . mysql_real_escape_string($id) . "'");
}
Note: I also added mysql_real_escape_string, as not doing that poses a huge SQL injection risk.
Upvotes: 1
Reputation: 1315
I think this just changes to:
$result = mysql_query("SELECT * FROM `CAKE` WHERE `cake_name`=($id)");
Upvotes: 0