Home/ Questions/Q 8373529
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T14:41:51+00:00

Basically I’ve created two php papes. One selects my entire table, and displays just

  • 0

Basically I’ve created two php papes. One selects my entire table, and displays just date, and id number from it. Each date has a link directing to a display.php file. It pulls the ID number with it to the next display.php page. What I want to do on the display.php file is to display the entire row using that PHP.

So I know that Select * from tablename WHERE id=1 will pull that data, but how to get the ID number into there WHERE statement?

This is the main page code:

// SQL query
$strSQL = “SELECT * FROM table1”;

// Execute the query (the recordset $rs contains the result)
$rs = mysql_query($strSQL);

// Loop the recordset $rs
            while($row = mysql_fetch_array($rs)) {

               // DATE
              $strName = $row['date'];

               // Create a link to display.php with the id-value in the URL
               $strLink = "<a href = 'display.php?ID = " . $row['ID'] . "'>" . $strName . "</a>";

                // List link
               echo "<li>" . $strLink . "</li>";


  }

That code links works and goes to display.php.
How would I create the link using the ID number pulling with it. Would I use a post command? 

$id= Post['id'] 
then WHERE id = '$id'

?

TBH I did try that and got nothing. Any suggestions?

USING GET now…still not luck
I’ve tried the GET statement. In my address bar it shows the ID number. So I see the ID number pulling over with it. I tried even just echoing the ID to see if maybe it was just my code messing up. 

<?php 
    $dbhost = 'localhost';
    $dbuser = 'myusername';
    $dbpass = 'mypw';
    $dbname = 'mydbname';
    $id = $_GET['id'];
    mysql_connect($dbhost, $dbuser, $dbpass) or die('MySQL connect failed. ' . mysql_error());
    mysql_select_db($dbname) or die('Cannot select database. ' . mysql_error());
?>


<body>
ID #<?php  echo $id ?>
</body>
</html>

<body>
ID #<?php  echo $id ?>
</body>
</html>

Still no luck

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So in your display file you’d do something like this

    $id = $_GET['ID'];

//DO SANITIZATION ETC ON THE ID HERE TO MAKE SURE ITS SOMETHING WE EXPECTED (AN INT)

$sql = "SELECT STUFF WHERE ID = {$id}"; //FOR BREVITY SAKE DOING AWAY WITH SECURITY

    So basically what your first script is doing is passing the id in the url query string, values passed here are accessible in the $_GET super globals array.

    Anything you access in here and the other super globals should be treated as completely dangerous to your application. You should filter and escape the hell out of it, and then before inserting it into the database you must escape it using the correct mechanism for your database. Otherwise you leave yourself open to SQL injection attacks.

    • 0