PHP Query String Parameter through link

Question

I am trying to pass a query string when the user click on a link.

Such that at the next page it directed to will retrieve the specific poduct (query string parameter) details from mysql.

Below is my code, how can I go about doing it?

Current page:

<?php

// Write a series of five PHP statements to retrieve the data for all product items in the database
// Write a statement to prepare the SQL SELECT statement
$sql = "SELECT skuCode, brand, model FROM productItem;";
// Write a statement to open a connection to MySQL server
$link = mysql_connect("localhost", "root", "password");
// Write a statement to select the required database
mysql_select_db("is1112t4q3", $link);
// Write a statement to send the SQL statement to the MySQL server for execution and retrieve the resultset
$resultset = mysql_query($sql);
// Write a statement to close the connection
mysql_close($link);

// Write a suitable expression for the while loop to iterate through each data row in the resultset.
// Each data row represents one product item that you need to display
while($row = mysql_fetch_array($resultset))
{
    // Write a echo command to display the summary information for each product item. The required attributes are 
    // indicated in the HTML table header row.
    // The image that is displayed should be the first image of each product item, e.g., MP300001_1.jpg.
    // The Action column should contain a hyperlink to viewProductItem.php where user can view the complete product information
    // of the selected product item.
    // You need to use a query string parameter to pass the SKU Code of the required product item to viewProductItem.php
    echo("<tr><td>".$row[0].
        "</td><td>".$row[1].
        "</td><td>".$row[2].
        "</td><td>"."<img src=images/".$row["skuCode"]."_1.jpg>".
        "</td><td><a href=viewProductItem.php?var=skuCode>View</a>".
        "</td></tr>");

}

?>

Next page, this page should retrieve the skuCode that is passed from previous page when clicked on the link <a href=viewProductItem.php?var=skuCode>View</a>.

<?php

// Complete the if expression using the isset function to determine whether the query string parameter skuCode has been provided
if(isset($_GET["skuCode"]))
{               
    // Write a series of five PHP statements to retrieve the data for the selected product item from the database
    // Write a statement to prepare the SQL SELECT statement. The SQL statement should have a WHERE condition
    $sql = "SELECT * FROM productItem WHERE skuCode = '".mysql_real_escape_string($_GET["skuCode"])."';";
    // Write a statement to open a connection to MySQL server
    $link = mysql_connect("localhost", "root", "password");
    // Write a statement to select the required database
    mysql_select_db("is1112t4q3", $link);
    // Write a statement to send the SQL statement to the MySQL server for execution and retrieve the resultset
    $resultset = mysql_query($sql);
    // Write a statement to close the connection
    mysql_close($link);

    // The statement below will retrieve the first data row in the resultset. 
    // Note that we are only expecting at most one data row since we are filtering by the primary key skuCode
    // mysql_fetch_array will an array of values corresponding to the fetched data row.
    // If there is no matching data row, mysql_fetch_array will return FALSE
    $row = mysql_fetch_array($resultset);

    if($row)
    {
        // Write a series of echo commands to print out the complete information of the selected product item using a HTML table
        echo("<tr><td>".$row[0].
            "</td><td>".$row[1].
            "</td><td>".$row[2].
            "</td><td>"."<img src=images/".$row["skuCode"]."_1.jpg>".
            "</td><td><a href=viewProductItem.php>View</a>".
            "</td></tr>");

    }
}
else
{
    echo("<h3 style=\"color: red;\">Product item ".$_GET["skuCode"]." does not exist</h3>");
}
}
else
{
    echo("<h3 style=\"color: red;\">No product item has been selected</h3>");
}

Answer 1

you have to rewrite the url like : in first page. not that 'var'

"<a href=viewProductItem.php?skuCode=".$row["skuCode"].">View</a>"

when u click this link from first page . you can get this value in second page by

 $skuCode =mysql_real_escape_string($_REQUEST['skuCode']);

 $sql = "SELECT * FROM productItem WHERE skuCode = '".$skuCode."';";

and your modified code is : try this its working for you.. First page:

<?php

// Write a series of five PHP statements to retrieve the data for all product items in the database
// Write a statement to prepare the SQL SELECT statement
$sql = "SELECT skuCode, brand, model FROM productItem;";
// Write a statement to open a connection to MySQL server
$link = mysql_connect("localhost", "root", "password");
// Write a statement to select the required database
mysql_select_db("is1112t4q3", $link);
// Write a statement to send the SQL statement to the MySQL server for execution and retrieve the resultset
$resultset = mysql_query($sql);
// Write a statement to close the connection
mysql_close($link);

// Write a suitable expression for the while loop to iterate through each data row in the resultset.
// Each data row represents one product item that you need to display
while($row = mysql_fetch_array($resultset))
{
    // Write a echo command to display the summary information for each product item. The required attributes are 
    // indicated in the HTML table header row.
    // The image that is displayed should be the first image of each product item, e.g., MP300001_1.jpg.
    // The Action column should contain a hyperlink to viewProductItem.php where user can view the complete product information
    // of the selected product item.
    // You need to use a query string parameter to pass the SKU Code of the required product item to viewProductItem.php
    echo("<tr><td>".$row[0].
        "</td><td>".$row[1].
        "</td><td>".$row[2].
        "</td><td>"."<img src=images/".$row["skuCode"]."_1.jpg>".
        "</td><td><a href=viewProductItem.php?skuCode=".$row['skuCode'].">View</a>".
        "</td></tr>");

}

?>

second page:

<?php

// Complete the if expression using the isset function to determine whether the query string parameter skuCode has been provided
if(isset($_GET["skuCode"]))
{               
    // Write a series of five PHP statements to retrieve the data for the selected product item from the database
    // Write a statement to prepare the SQL SELECT statement. The SQL statement should have a WHERE condition
    $sql = "SELECT * FROM productItem WHERE skuCode = '".mysql_real_escape_string($_GET["skuCode"])."';";
    // Write a statement to open a connection to MySQL server
    $link = mysql_connect("localhost", "root", "password");
    // Write a statement to select the required database
    mysql_select_db("is1112t4q3", $link);
    // Write a statement to send the SQL statement to the MySQL server for execution and retrieve the resultset
    $resultset = mysql_query($sql);
    // Write a statement to close the connection
    mysql_close($link);

    // The statement below will retrieve the first data row in the resultset. 
    // Note that we are only expecting at most one data row since we are filtering by the primary key skuCode
    // mysql_fetch_array will an array of values corresponding to the fetched data row.
    // If there is no matching data row, mysql_fetch_array will return FALSE
    $row = mysql_fetch_array($resultset);

    if($row)
    {
        // Write a series of echo commands to print out the complete information of the selected product item using a HTML table
        echo("<tr><td>".$row[0].
            "</td><td>".$row[1].
            "</td><td>".$row[2].
            "</td><td>"."<img src=images/".$row["skuCode"]."_1.jpg>".
            "</td><td><a href=viewProductItem.php>View</a>".
            "</td></tr>");

    }
    else
    {
         echo("<h3 style=\"color: red;\">Product item ".$_GET["skuCode"]." does not                        exist</h3>");
    }
}

else
{
    echo("<h3 style=\"color: red;\">No product item has been selected</h3>");
}

Answer 2

You can use GET as described by Cups. However GET is not secure?

Another way to do it is SESSION variable. Its a more secure method but not completely secure.

//On page 1(Current page)

$_SESSION['skuCode'] = "xyz";

//On page 2(viewProductItem.php)

$var_value = $_SESSION['skuCode'];

Answer 3

viewProductItem.php?skuCode=123

Use PHP to formulate urls with arguments like that.

viewProductItem.php?skuCode=123&anotherVariable=yes

.. and subsequent arguments like that