Retrieve Row from MYSQL Table and Echo content - PHP

Question

I cannot seem to be able to echo anything from my table. The connection is fine.

<?php
include('config.php');

$id=$_GET['version'];
$res = mysql_query("SELECT url, logo FROM versions WHERE version = ".$id);
$row = mysql_fetch_array($res);

echo $row['url'];


?>

version, url and logo are attributes in table called versions. the URL parameter is version. The test URL is

http://localhost/view?version="a"

Echo is not giving out anything.

Please, help.

Answer 1

this should be like this:

   http://localhost/view?version=a

and your code:

<?php
include('config.php');

$id=mysql_real_escape_string($_GET['version']);
$res = mysql_query("SELECT url, logo FROM versions WHERE version = '$id'");
$row = mysql_fetch_array($res);

echo $row['url'];


?>

I added mysql_real_escape_string to sanitize $_GET for protection from sql injection, and surrounded $id with ' in the query because it is a string, not an integer.

NB: you should stop using mysql_ because these functions are deprecated, start using mysqli or PDO

Answer 2

You need to have the query as

$res = mysql_query("SELECT url, logo FROM versions WHERE version = '".$id."'");

Also your code is very insecure !! You need to sanitize the $_GET['version'] using mysql_real_escape_string().

Better use mysqli_* or PDO