6 replies to this topic

[skinnywhiteboy]

Im making a tutorial script for my upcomming site and am having problems with url variables. Basicly i want to take the id number from the url, and then get that info from my database.
so if it was ?id=1 itll take id #1 from my database. Im already connected to the database, just need help on the url part of it

[Sicloan]

those extensions on the url are called Query Strings. Its easy to get:

//  link my look like this:
//  http://www.example.com/index.php?id=2

$var = $_GET['id'];

$query = "select * from TABLENAME where id = $var";

$result = mysql_query($query);

Edited by Sicloan, 25 November 2005 - 03:21 PM.

[HaloprO]

That presents a security issue

<?php
$id = addslashes(str_replace('"', '&quote;', $_GET['id']));
$sql = "SELECT * FROM `table` WHERE `id` = $id";
$q = mysql_query($sql);
$r = mysql_fetch_assoc($q);
?>

To echo out the information use echo $r['field'];

[skinnywhiteboy]

Thanks both, it works perfectly

[rc69]

Info you can look at on the $_GET var: http://php.net/manual/en/reserved.variable...d.variables.get

As for Halopr0's code, there's a simpler built-in function that will work just as good, if not better (and will at least save space).
http://php.net/manual/en/function.mysql-re...cape-string.php

[HaloprO]

Whoa, first time I have ever seen that function, thanks man

[Ruben K]

also remember to use intval() if you only need to get an id