Reputation: 19
I am trying to display every job record in my database and when a user clicks on a record, it will go on to display the job description for that record on a new page.
At my current state I've managed to display every job, clicking on them will direct the user to the "showjob.php?id=". My problem is that it isn't displaying information for my job.
Page with list of jobs: THIS WORKS
$results = $pdo->query('SELECT * FROM jobs');
foreach ($results as $row) {
    echo '<a class="job_listing_href" href="showjob.php?id="' . $row['job_id'] . '><div id="job_listing">' . $row['job_title'] . ' '
        . $row['cat_job'] . '</div><br/><br/>';
}
Page with individual job information:
$pkey = mysql_real_escape_string($_GET['job_id']);
$sql = "SELECT * FROM jobs WHERE job_id='$pkey'";
foreach ($results as $pdo) {
    echo '<div id="job_listing">' . $row['job_title'] . ' ' . $row['cat_job'] . '</div><div id="job_listing_content">' . $row['job_desc'] .
        '</div>';
}
It isn't related to my job_desc as I can implement it to my previous page and it lists it just fine. My guess is that it's something to do with my $_GET but not sure.
Also as a sidenote, I'm aware my website is vulnerable to SQL injection, I'm going to fix it soon :) Can anyone provide a solution or put me on the right tracks?
Thank you to anyone spending the time helping me!
UPDATE
I have taken everyone's suggestions - thank you, but my "showjob" page still isn't displaying anything. This is my new code:
$pkey = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM jobs WHERE job_id='$pkey'";
$results = $pdo->query($sql);
foreach($results as $row) {
    echo '<div id="job_listing">' . $row['job_title'] . ' ' . $row['cat_job'] . '</div><div id="job_listing_content">' . $row['job_desc'] .
        '</div>';
}
Upvotes: 2
Views: 158
Reputation: 74217
You're mixing MySQL APIs using mysql_real_escape_string() while being connected using PDO, so you can't use those together while connecting/querying for the same code.
mysql_ API has been removed, so you definitely wouldn't be able to use it here if that were the case.
Reference: http://php.net/manual/en/function.mysql-real-escape-string.php
"This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0."
What you need to use here is a PDO prepared statement in order to escape the data, which is what you are looking to do here.
$pdo = new PDO("...");
if(!empty($_GET['job_id'])){
    $pkey = $_GET['job_id'];
    $statement = $pdo->prepare("SELECT * FROM jobs WHERE job_id = :jobid");
    $statement->execute(array(':jobid' => $pkey));
    while($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        // echo $row['field1'].' '.$row['field2']; //etc... taken from an example, sorry.
        echo '<div id="job_listing">' . $row['job_title'] . ' ' . $row['cat_job'] . '</div><div id="job_listing_content">' . $row['job_desc'] .
            '</div>';
    }
}
else{
    echo "GET is empty, check for errors.";
}
Also check for errors if you're not already doing so.
Footnotes:
I noticed you're using href="showjob.php?id yet you're using the $_GET['job_id'] array.
id != job_id.
That will fail you if that's what you're still using and both of those need to match.
Error reporting would have told you about that.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Then the rest of your code
Sidenote: Displaying errors should only be done in staging, and never production.
Other notes:
If your server does not support the mysql_ MySQL API, then error reporting would have thrown you something similar to the following:
Fatal error: Call to undefined function mysql_real_escape_string()...
Upvotes: 1
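The approach the answer above describes, as an added example that is not part of any post in this thread: the list link and the detail page share one parameter name, the id is validated as an integer and bound through a PDO prepared statement, and every column is HTML-escaped on output. The names h, job_link, render_job and ID_PARAM and the in-memory SQLite sample row are constructed for illustration (assumes the pdo_sqlite extension); on the real page, pass $_GET and the existing PDO connection instead.

```php
<?php
declare(strict_types=1);

// One constant for the query-string key, so the link and the reader cannot drift apart.
const ID_PARAM = 'id';

function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// List page: the id is part of the quoted href value.
function job_link(array $row): string {
    $href = 'showjob.php?' . http_build_query([ID_PARAM => $row['job_id']]);
    return '<a class="job_listing_href" href="' . h($href) . '">' . h($row['job_title']) . '</a>';
}

// Detail page: validate the id, bind it as a parameter, escape on output.
function render_job(PDO $pdo, array $query): string {
    $id = filter_var($query[ID_PARAM] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid job id.</p>';
    }
    $stmt = $pdo->prepare('SELECT job_title, cat_job, job_desc FROM jobs WHERE job_id = :jobid');
    $stmt->execute([':jobid' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>Job not found.</p>';
    }
    return '<div id="job_listing">' . h($row['job_title']) . ' ' . h($row['cat_job']) . '</div>'
         . '<div id="job_listing_content">' . h($row['job_desc']) . '</div>';
}

// Constructed sample data; the job_desc value contains markup to show output escaping.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE jobs (job_id INTEGER PRIMARY KEY, job_title TEXT, cat_job TEXT, job_desc TEXT)');
$pdo->exec("INSERT INTO jobs VALUES (1, 'Editor', 'Media', '<b>Proofread</b> copy')");

foreach ($pdo->query('SELECT job_id, job_title FROM jobs') as $row) {
    echo job_link($row), "\n";
}
echo render_job($pdo, ['id' => '1']), "\n";             // valid id
echo render_job($pdo, ['id' => "1' OR '1'='1"]), "\n";  // non-integer input
echo render_job($pdo, ['job_id' => '1']), "\n";         // mismatched key name
```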
Reputation: 1230
It seems that
foreach ($results as $pdo) {
echo '<div id="job_listing">' . $row['job_title']
in the foreach you are using $pdo as the value name, but inside you are using $row. Use the same name and tell us. I expect it will help.
Upvotes: 0
Reputation: 6606
You are passing the job id parameter as id. However, when fetching the id for the specific job, you're retrieving job_id out of the $_GET superglobal. $_GET['id'] instead of $_GET['job_id'] should work.
PS: As Alex pointed out, actually issuing a query via $results = $pdo->query($sql) may also help. Followed by iterating over foreach($results as $row). Although there should only ever be one result ...
Upvotes: 0
Reputation: 1557
The results are not showing because you have your variable names mixed up, see below revision: Change:
$pkey = mysql_real_escape_string($_GET['job_id']);
to:
$pkey = mysql_real_escape_string($_GET['id']);
Update: You are also missing: $results = $pdo->query($sql);
Upvotes: 0