Home/ Questions/Q 8270741
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T06:40:40+00:00

I have a little test project set up so that when you click a

  • 0

I have a little test project set up so that when you click a wolves’s name, it takes them to a page that I want to use to personalize information concerning whichever wolf they clicked on. The page is called wolf.php. I’m trying to using passing variable the $_GET method to assign the URL the wolves id, i.e http://www.testsite.com/wolf.php?id=1 but the page then displays nothing even though I do not get an error.

Here’s the home page (home.php)

<?php
$username = $_SESSION['username'];
$result = @mysql_query("SELECT * FROM wolves WHERE owner = '$username'");
while($wolf = mysql_fetch_array($result))
{
echo "<a href= wolf.php?id=$wolf[id]>$wolf[name]</a>";
};
?>

Clicking this link takes me to http://www.testsite.com/wolf.php?id=1 (or whatever the id was). On wolf.php I have this:

<?php
$id = $_GET['id'];
$result = @mysql_query("SELECT name FROM wolves WHERE id = '$id'") or die("Error: no  
such wolf exists");
echo .$result['name'].
;
?>

I’m not sure where I went wrong but this doesn’t seem to be working. No information regarding the id of the wolf shows up. Thanks for help in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Turn on error reporting with error_reporting(E_ALL); ini_set('display_errors', 1); in development so you see the fatal syntax errors in your code. It is also recommended to remove @ error suppression operator from your mysql_*() calls.

    You have syntax problems on the last line. Unexpected . concatenation operators:

    // Wrong:
// Parse error: syntax error, unexpected '.'
echo .$result['name'].
;

// Should be:
echo $result['name'];

    Next, you have not fetched a row from your query:

    // mysql_query() won't error if there are no rows found.  Instead you have to check mysql_num_rows()
$result = mysql_query("SELECT name FROM wolves WHERE id = '$id'") or die("Query error: " . mysql_error());
// Zero rows found, echo error message.
if (mysql_num_rows($result) < 1) {
  echo "No such wolf.";
}
else {
  // Row found, fetch and display.
  $row = mysql_fetch_assoc($result);
  echo $row['name'];
}

    Note that this script is wide open to SQL injection. At a minimum, call mysql_real_escape_string() on your query input variables. 

    $id = mysql_real_escape_string($_GET['id']);

    Ultimately, think about using PDO or MySQLi instead of the old mysql_*() functions, as they support prepared statements for greater security over manually escaping variables. The mysql_*() functions are planned for deprecation.

    • 0