Home/ Questions/Q 8566287
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T17:37:16+00:00

Ok so essentially what I’m trying to do is add a q&a component to

  • 0

Ok so essentially what I’m trying to do is add a q&a component to my website (first website, so my current php knowledge is minimal). I have the html page where the user’s input is recorded, and added to the database, but then I’m having trouble pulling that specific info from the database.

My current php page is pulling info where the questiondetail = the question detail (detail='$detail') in the database, but that could potentially present a problem if two users enter the same information as their question details (unlikely, but still possible, especially if the same person accidentally submits the question twice). What I want to do is have the page load according to the database’s question_id (primary key) which is the only thing that will always be unique.

HTML CODE:

<form id="question_outline" action="process.php" method="get">
<p><textarea name="title" id="title_layout" type="text"  placeholder="Question Title" ></textarea> </p>
<textarea name="detail"  id= "detail_layout" type="text" placeholder="Question Details"  ></textarea>
<div id="break"> </div>
<input id="submit_form" name="submit_question" value="Submit Question" type="submit" /> 
</form>

PROCESS.PHP CODE:

$name2 = $_GET['name2'];
$title = $_GET['title'];
$detail = $_GET['detail'];

$query= "INSERT INTO questions (title, detail) VALUES ('$title', '$detail')";

$result = mysql_query("SELECT * FROM questions where detail='$detail' ") 
or die(mysql_error());

The info is being stored correctly in the database, and is being pulled out successfully when detail=$detail, but what I’m looking to do is have it pulled out according to the question_id because that is the only value that will always be unique. Any response will be greatly appreciated!

Updated Version

QUESTION_EXAMPLE.PHP CODE

<?php
$server_name = "my_servername";
$db_user_name ="my_username";
$db_password = "my_password";
$database = "my_database";
$submit = $_GET['submit'];
$title = $_GET['title'];
$detail = $_GET['detail'];
$conn = mysql_connect($server_name, $db_user_name, $db_password);

mysql_select_db($database) or die( "Unable to select database");

$result = mysql_query("SELECT title, detail FROM questions WHERE id =" .
mysql_real_escape_string($_GET["id"]), $conn);

$row = mysql_fetch_assoc($result);

mysql_close($conn);

?>

<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Firstly, if that is code to be used in production, please make sure you are escaping your SQL parameters before plugging them in to your statement. Nobody enjoys a SQL injection attack. I would recommend using PDO instead as it supports prepared statements and parameter binding which is much much safer.

    How can I prevent SQL injection in PHP?

    So you have a form…

    [title]

[details]

[submit]

    And that gets inserted into your database…

    INSERT INTO questions (title, details) VALUES (?, ?)

    You can get the last insert id using mysql_insert_id, http://php.net/manual/en/function.mysql-insert-id.php.

    $id = mysql_insert_id();

    Then you can get the record…

    SELECT title, details FROM questions WHERE id = ?

    And output it in a preview page.

    I have written an example using PDO instead of the basic mysql functions.

    form.php:

    <form action="process.php" method="post">
    <label for="question_title">Title</label>
    <input id="question_title" name="title"/>
    <label for="question_detail">Detail</label>
    <input id="question_detail" name="detail"/>
    <button type="submit">Submit</button>
</form>

    process.php:

    <?php

// Create a database connection
$pdo = new PDO("mysql:dbname=test");
// Prepare the insert statement and bind parameters
$stmt = $pdo->prepare("INSERT INTO questions (title, detail) VALUES (?, ?)");
$stmt->bindValue(1, $_POST["title"], PDO::PARAM_STR);
$stmt->bindValue(2, $_POST["detail"], PDO::PARAM_STR);
// Execute the insert statement
$stmt->execute();
// Retrieve the id
$id = $stmt->lastInsertId();

// Prepare a select statement and bind the id parameter
$stmt = $pdo->prepare("SELECT title, detail FROM questions WHERE id = ?");
$stmt->bindValue(1, $id, PDO::PARAM_INT);
// Execute the select statement
$stmt->execute();
// Retrieve the record as an associative array
$row = $stmt->fetch(PDO::FETCH_ASSOC);

?>

<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>

    Without PDO…

    form.php:

    <form action="process.php" method="post">
    <label for="question_title">Title</label>
    <input id="question_title" name="title"/>
    <label for="question_detail">Detail</label>
    <input id="question_detail" name="detail"/>
    <button type="submit">Submit</button>
</form>

    process.php:

    <?php

// Create a database connection
$conn = mysql_connect();
// Execute the insert statement safely
mysql_query("INSERT INTO questions (title, detail) VALUES ('" . 
    mysql_real_escape_string($_POST["title"]) . "','" .
    mysql_real_escape_string($_POST["detail"]) . "')", $conn);
// Retrieve the id
$id = mysql_insert_id($conn);
// Close the connection
mysql_close($conn);

header("Location: question_preview.php?id=$id");

    question_preview.php:

    <?php

// Create a database connection
$conn = mysql_connect();
// Execute a select statement safely
$result = mysql_query("SELECT title, detail FROM questions WHERE id = " .
    mysql_real_escape_string($_GET["id"]), $conn);
// Retrieve the record as an associative array
$row = mysql_fetch_assoc($result);
// Close the connection
mysql_close($conn);

?>

<h1><?php echo htmlspecialchars($row["title"]);?></h1>
<p><?php echo htmlspecialchars($row["detail"]);?></p>
    • 0