
How to query a mysql DB and link pages?

  • 29-06-2014 6:03pm
    #1
    Registered Users Posts: 537 ✭✭✭


    I want to basically query the title column on a page and make every title clickable with a dynamic page using the id in the table.

    I am able to query the database and echo the title column on the page, but I have no idea how to make them clickable. When the user clicks on the link the URL should look like "yoursite.com/page.php?id="
    How can I achieve this?

    So far I have this and it doesn't even work ...


    <?php
    require('connection.php');

    mysql_select_db('trackdb');

    // Run the query which selects the column link from table table; if there is an error, kill the program and display it.
    $query = mysql_query("SELECT * FROM tracks WHERE id='".$_GET['id']."'") or die("Error: ".mysql_error()."!");

    // Check if any results were returned
    if (mysql_num_rows($query) > 0) {
        // If so, display the results
        $row = mysql_fetch_array($query);

        // Display the info
        echo "$row[track_title]<br>\n";
    } else {
        // If no results were found, tell them
        echo "No titles found";
    }
    ?>


Comments

  • Registered Users Posts: 2,345 ✭✭✭Kavrocks


    but I have no idea how to make them clickable. When the user clicks on the link the URL should look like "yoursite.com/page.php?id="
    How can I achieve this?
    You need to learn HTML. Links are made using anchor tags (<a>). Try w3schools, it will get you off the ground.

    If I was you and looking to build a web application I'd first learn HTML before anything else. Then I'd progress onto CSS. Depending on the application I'd then either look at Javascript or PHP/MySQL (any server side and database languages can replace this, it's a matter of preference/ease/whoever tells you to learn what).


  • Registered Users Posts: 537 ✭✭✭sw33t_r3v3ng3


    Kavrocks wrote: »
    You need to learn HTML. Links are made using anchor tags (<a>). Try w3schools, it will get you off the ground.

    If I was you and looking to build a web application I'd first learn HTML before anything else. Then I'd progress onto CSS. Depending on the application I'd then either look at Javascript or PHP/MySQL (any server side and database languages can replace this, it's a matter of preference/ease/whoever tells you to learn what).

    I already know html and css, I am aware that they use anchor tags but I want to know how to do it in php


  • Registered Users Posts: 2,345 ✭✭✭Kavrocks


    I already know html and css, I am aware that they use anchor tags but I want to know how to do it in php
    By echo'ing HTML code...


  • Registered Users Posts: 537 ✭✭✭sw33t_r3v3ng3


    Kavrocks wrote: »
    By echo'ing HTML code...

    But is my PHP syntax all correct?


  • Registered Users Posts: 1,757 ✭✭✭Deliverance XXV


    Does your current script even output anything yet? It looks like you are already outputting data according to a specific ID from the URL.

    If you are looking for dynamic links from your script you could edit the section where you output the data as the following:

    [PHP]// This will output page.php?id=22 etc
    echo "<a href='page.php?id=".$row['id']."'>".$row['track_title']."</a><br />";[/PHP]

    Then on the page.php page you would have a PHP script that gets the value that has been passed and then process it in your SQL query to get even more data. If this is a public project then it is worth me mentioning that you should always sanitise the result you are expecting in the URL as it will be inserting it into an SQL query.

    Always worth learning:
    Check if the value is set first: if(isset($_GET['id'])){ //do stuff } ...etc
    Check if the value is numeric: if(is_numeric($value)){ //do stuff } ...etc before letting it touch the SQL query
    Check if the value is what you expected before letting it touch the SQL query
    Use parameterised queries (MySQLi or PDO) to query the database


  • Technology & Internet Moderators Posts: 28,804 Mod ✭✭✭✭oscarBravo


    I'm always a bit torn when I see questions like this. Do we simply answer the question that was asked, or should we be pointing out that the mysql_* interface is hopelessly obsolete and that the code as posted is dangerously insecure?

    If this forum is a learning resource, should we be teaching people not just how to write code, but how to write code that doesn't suck?


  • Registered Users Posts: 537 ✭✭✭sw33t_r3v3ng3


    oscarBravo wrote: »
    I'm always a bit torn when I see questions like this. Do we simply answer the question that was asked, or should we be pointing out that the mysql_* interface is hopelessly obsolete and that the code as posted is dangerously insecure?

    If this forum is a learning resource, should we be teaching people not just how to write code, but how to write code that doesn't suck?

    I appreciate any help that I get, however let me ask you a question.
    Would you agree in saying that there are not many tutorials that mysqli?
    Part of the reason the majority of people write suckish code (including myself) is because they cannot find GOOD documentation on mysqli. This covers all forms including video, examples, etc.


  • Technology & Internet Moderators Posts: 28,804 Mod ✭✭✭✭oscarBravo


    Would you agree in saying that there are not many tutorials that mysqli?
    I honestly don't know. I use tutorials as a means to quickly get to grips with how to do something, and then refine my knowledge by attempting to write code myself with reference to the documentation. That's my process, and I appreciate that it may not work for everyone, but reading API documentation is a key skill that you'll need to build as a coder.
    Part of the reason the majority of people write suckish code (including myself) is because they cannot find GOOD documentation on mysqli. This covers all forms including video, examples, etc.
    I don't write PHP. I regularly help out others who use it or are learning it, and everything I need to know about mysqli is here.

    As for the security flaw in your code, read up on SQL injection, and never ever ever use input from a user directly in a query - mysqli prepared statements solve this problem for you.


  • Registered Users Posts: 537 ✭✭✭sw33t_r3v3ng3


    oscarBravo wrote: »
    I honestly don't know. I use tutorials as a means to quickly get to grips with how to do something, and then refine my knowledge by attempting to write code myself with reference to the documentation. That's my process, and I appreciate that it may not work for everyone, but reading API documentation is a key skill that you'll need to build as a coder. I don't write PHP. I regularly help out others who use it or are learning it, and everything I need to know about mysqli is here.

    As for the security flaw in your code, read up on SQL injection, and never ever ever use input from a user directly in a query - mysqli prepared statements solve this problem for you.

    Thanks, will have a look at it. I think I might try different ways of learning if I don't get anywhere!


  • Registered Users Posts: 2,345 ✭✭✭Kavrocks


    But is my PHP syntax all correct?
    If you don't get an error when you run the page then yes. Syntax errors will more than likely be shown via the output of the PHP page. It has been so long since I've looked at PHP though so I'm open to correction.
    Thanks, will have a look at it. I think I might try different ways of learning if I don't get anywhere!
    Good code as referred to by oscarBravo will not come to you at the start, it comes over time as you learn and things are pointed out to you. I've not been writing code as long as most on this forum but when I look back at code I wrote 3 or 4 years ago I can't believe how my style has changed and progressed. It's at a completely different level which came through experience, reading blog posts on quirky occurrences and looking at other people's code (not copy and pasting but using it to understand how something works).

    I see no issue with how you are learning; it sounds very similar to how I did. In my opinion becoming a good coder is just as much if not more about experience as it is education and raw talent. The key thing is to have a project you want to build and you seem to have that down so I'd say stick at it and if you need anything give us a shout, I'll do what I can.
    oscarBravo wrote: »
    I'm always a bit torn when I see questions like this. Do we simply answer the question that was asked, or should we be pointing out that the mysql_* interface is hopelessly obsolete and that the code as posted is dangerously insecure?

    If this forum is a learning resource, should we be teaching people not just how to write code, but how to write code that doesn't suck?
    I found myself thinking that at the start. After thinking about it my opinion would be it can't hurt to point it out and offer some extra reading material for the OP about the issues. Then it's up to him/her as to whether they take it up and act on it. I know if it was me I would prefer if people pointed stuff like that out to me so that I can improve and learn.


  • Registered Users Posts: 2,021 ✭✭✭ChRoMe


    Stop immediately and learn what sql injection is before doing anything else.


  • Registered Users Posts: 537 ✭✭✭sw33t_r3v3ng3


    ChRoMe wrote: »
    Stop immediately and learn what sql injection is before doing anything else.

    I've heard so much about that! Isn't one way of avoiding it using mysql_real_escape?


  • Technology & Internet Moderators Posts: 28,804 Mod ✭✭✭✭oscarBravo


    I've heard so much about that! Isn't one way of avoiding it using mysql_real_escape?

    It's one mitigation measure, yes. The biggest problem with it is that you have to remember to use it every single time without fail.

    Also, it's a mysql_* function, so it's deprecated.


  • Registered Users Posts: 1,757 ✭✭✭Deliverance XXV


    I've heard so much about that! Isn't one way of avoiding it using mysql_real_escape?

    mysql_real_escape will stop the majority of SQL injection attacks if used correctly (single quotes around variables in SQL string, etc). Advanced SQL injection and certain XSS attacks can still get through.

    Talking parameterised queries is probably a bit much for beginners who are only building college projects/test environments, but if you are using a live environment and a database with people's information, I would recommend you use PDOs when communicating with databases. That includes SELECT statements.

    As I said earlier: Make sure what you are expecting is what you are getting. For example, if you are expecting a number: Check both on the client side (for genuine users and just good practice) and the server side (to validate data) that it is actually a number.
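
Added example, not written by any poster in this thread: the approach suggested in Deliverance XXV's two posts and oscarBravo's reply, with the title escaped when the link is echoed, the id validated on the server, and the id bound in a prepared statement instead of concatenated into the SQL. It assumes PDO with a constructed in-memory SQLite table so that it runs offline (the thread's database is MySQL, where only the DSN would differ); the function names render_track_links and fetch_track are hypothetical.

```php
<?php
// Added example, not code from the thread. Table and column names (tracks, id,
// track_title) follow the posts; the in-memory SQLite database and the sample
// rows are constructed so the script runs offline. For MySQL, change the DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tracks (id INTEGER PRIMARY KEY, track_title TEXT)');
$ins = $db->prepare('INSERT INTO tracks (id, track_title) VALUES (?, ?)');
foreach ([[1, 'First Track'], [2, 'Rock & <b>Roll</b>']] as $r) {
    $ins->execute($r);
}

// Listing page: one link per row, with the title escaped for HTML output.
function render_track_links(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT id, track_title FROM tracks ORDER BY id') as $row) {
        $html .= sprintf(
            "<a href='page.php?id=%d'>%s</a><br />\n",
            $row['id'],
            htmlspecialchars($row['track_title'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// page.php: validate the id, then bind it as a parameter instead of
// concatenating it into the SQL string.
function fetch_track(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // missing, non-numeric or out of range
    }
    $stmt = $db->prepare('SELECT id, track_title FROM tracks WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo render_track_links($db);
// Constructed stand-ins for what page.php would read from $_GET['id'] ?? null.
foreach (['2', null, 'abc', '2 OR 1=1'] as $input) {
    $track = fetch_track($db, $input);
    $title = $track ? htmlspecialchars($track['track_title'], ENT_QUOTES, 'UTF-8') : 'No titles found';
    echo var_export($input, true), ' => ', $title, "\n";
}
```

Because the id is bound rather than pasted into the query text, protection does not depend on remembering to escape at every call site, which is the weakness oscarBravo points out for the escaping approach.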

