Reputation: 343
I am working on my website, and I am trying to get the URL parameter "page", which is an integer that tells which entry to read in the MySQL database that holds the HTML for all the pages. Here is my code, with the MySQL username and password removed for security reasons:
    if ($_GET["page"]) {
        $con = mysql_connect("localhost","username","password");
        if (!$con)
        {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db("jmurano_pages", $con);
        $title=mysql_query("SELECT title FROM pageContent WHERE pageID=" . $_GET['page']);
        echo "<title>" . $title . "</title>\n";
        echo "</head>\n";
        echo "<body>\n";
        $content = mysql_query("SELECT content FROM pageContent WHERE pageID=" . $_GET['page']);
        echo $content;
        echo "\n</body>\n</html>";
    }
This puts the title as "Resource id #2" and the content as "Resource id #3". I can't think of what I may have done wrong.
I'm still confused. I'm a complete PHP newbie. What exactly do I need to do to access the content and title?
Upvotes: 0
Views: 3615
Reputation: 32119
Apart from the injection vulnerability (see John's answer) you should get the title from the mysql_query using
    // $escapedpage is the sanitized page value (see the injection note above)
    $res = mysql_query("SELECT title FROM pageContent WHERE pageID=" . $escapedpage);
    $title = mysql_fetch_assoc($res);
    $title = $title['title'];
    $res2 = mysql_query("SELECT content FROM pageContent WHERE pageID=" . $escapedpage);
    $content = mysql_fetch_assoc($res2);
    $content = $content['content'];
However I think it would be wise if you would follow an online mysql php tutorial.
EDIT
Even better would be to just use one mysql_query, like so:
    $res = mysql_query("SELECT title, content FROM pageContent WHERE pageID=" . $escapedpage);
    $row = mysql_fetch_assoc($res);
    $title = $row['title'];
    $content = $row['content'];
That would save your script time and resources since there is only need for one mysql query.
This tutorial is rather good: http://www.freewebmasterhelp.com/tutorials/phpmysql
Upvotes: 3
Reputation: 57815
You should retrieve both fields in one query, as that will probably be faster. Also, assuming pageID is always an integer, you should first cast that to an integer to prevent SQL injection. I would use something like:
    <?php
    if (isset($_GET["page"])) {
        $con = mysql_connect("localhost","username","password");
        if (!$con) {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db("jmurano_pages", $con);
        $pageId = (int) $_GET['page'];
        $result = mysql_query('SELECT title, content FROM pageContent WHERE pageID= ' . $pageId);
        if (!$result) {
            die(mysql_error());
        }
        $row = mysql_fetch_assoc($result);
        if (!$row) {
            die('page not found');
        }
        echo "<title>" . $row['title'] . "</title>\n";
        echo "</head>\n";
        echo "<body>\n";
        echo $row['content'];
        echo "\n</body>\n</html>";
    } else {
        //what are you going to do if page is not passed?
    }
    ?>
Note that
Upvotes: 2
Reputation: 546045
You've obviously got a lot to learn (we all had to start somewhere!), so a single answer on SO won't be able to teach you everything, but here's a starter:
When you run mysql_query on a SELECT query, it will return one of two things:
mysql_error()
mysql_fetch_assoc() will return an associative array of ONE row from your query.
    $row = mysql_fetch_assoc($resource);
    print_r($row);
mysql_fetch_assoc() will return false.
    while ($row = mysql_fetch_assoc($resource)) {
        // do stuff
    }
Upvotes: 2
Reputation: 3914
You should read the manual http://de.php.net/mysql_query
Return Values
For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.
For other type of SQL statements, INSERT, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error.
The returned result resource should be passed to mysql_fetch_array(), and other functions for dealing with result tables, to access the returned data.
Upvotes: 0
Reputation:
One more thing.. you can select both title and content in one query:
SELECT title, content FROM ....
Upvotes: 0
Reputation:
Here's some pseudo code.
    $result = mysql_query($sql);
    //for each row in the result, do stuff with it...
    while ($row = mysql_fetch_array($result)) {
        $title = $row["title"];
        $content = $row["content"];
        //this will show you the row data visually
        //var_dump($row);
    }
As a PHP newb, learn to debug (use var_dump if necessary), read documentation, and read tutorials.
Also, there are a massive amount of php + mysql tutorials online... google "php and mysql"
Good luck!
Upvotes: 1
Reputation:
Also, you have a SQL Injection vulnerability... never put $_GET, $_POST or other user-supplied variables directly into queries.
You should do:
    $page = $_GET["page"];
    $escaped_page = mysql_real_escape_string($page);
and put $escaped_page into your query.
Upvotes: 0
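
The answers above suggest casting the parameter to an integer or escaping it. As an added example (not code from any answer in this thread), here is the same lookup with strict integer validation and a bound parameter through PDO, since the mysql_* functions used on this page were removed in PHP 7.0. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL server so the script runs offline, and the function names openDemoDb, fetchPage and renderPage are hypothetical.

```php
<?php
// Added example. Assumption: SQLite in memory replaces MySQL for the demo; for
// MySQL only the DSN changes, e.g.
// new PDO('mysql:host=localhost;dbname=jmurano_pages;charset=utf8mb4', $user, $pass).

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE pageContent (pageID INTEGER PRIMARY KEY, title TEXT, content TEXT)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO pageContent VALUES (1, 'Home', '<p>Welcome</p>'), (2, 'Tips & <tricks>', '<p>More</p>')");
    return $pdo;
}

// Returns the row for a raw "page" parameter, or null when the value is not a
// positive integer or no such page exists.
function fetchPage(PDO $pdo, $rawPage): ?array
{
    $pageId = filter_var($rawPage, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pageId === false) {
        return null; // rejects "1 OR 1=1", "2;", "", arrays, ...
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT title, content FROM pageContent WHERE pageID = :id');
    $stmt->bindValue(':id', $pageId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderPage(?array $row): string
{
    if ($row === null) {
        return "<html><head><title>Not found</title></head>\n<body>\nPage not found\n</body>\n</html>";
    }
    // The title is escaped; content is stored HTML and is emitted as-is, as in the question.
    return "<html><head><title>" . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "</title></head>\n"
        . "<body>\n" . $row['content'] . "\n</body>\n</html>";
}

$pdo = openDemoDb();
// Constructed inputs: a valid id, an injection-style string, a missing page.
foreach (['2', '1 OR 1=1', '99'] as $raw) {
    echo "page=" . var_export($raw, true) . "\n" . renderPage(fetchPage($pdo, $raw)) . "\n\n";
}
```

mysql_real_escape_string only neutralizes characters that matter inside a quoted string, so in an unquoted numeric position such as pageID= it does not stop injection by itself; validating the value as an integer or binding it as a parameter does.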