
PHP & MySQL: Using $_GET['id'] to query matching table id

Hey guys having a bit of bother here, I don't understand why my PHP script isn't working.

So I will first show the code and then go over the issue I am having:

<?php
include('select-stock.php');
include('db-affinity/header-main.php'); ?>
<?php $carId = $_GET['id']; ?>
<?php
try {
  $carview = $db->prepare("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import WHERE FullRegistration = $carId");
} catch (Exception $e) {
  echo "Error.";
  exit;
}
$cardata = $carview->fetch(PDO::FETCH_ASSOC);
?>
<div class="container">
  <div class="row">
    <div class="col-md-12 col-sm-12">
      <?php echo "$carId"; ?>
      <?php echo mysql_errno($carview) ?>
      <?php echo '<ul class="overwrite-btstrp-ul other-specs-ul h4-style">
        <li>Mileage: '.number_format($cardata["Mileage"]).'</li>
        <li>Engine size: '.$cardata["EngineSize"].'cc</li>
      </ul>';
      ?>
    </div>
  </div>
</div>
<?php include('db-affinity/footer.php'); ?>

So basically what I am trying to achieve from this code is giving my page dynamic content based on whether the ?id= of a URL matches a row of my 'FullRegistration' column.

So for example, if I have a URL like this "www.cars.com/carview.php?id=NG61CWJ", I then want my script to check if there is a row that has that value in the 'FullRegistration' column of my table and then echo out the results of certain columns of that row, like this example currently in my code:

<?php echo '<ul class="overwrite-btstrp-ul other-specs-ul h4-style">
  <li>Mileage: '.number_format($cardata["Mileage"]).'</li>
  <li>Engine size: '.$cardata["EngineSize"].'cc</li>
</ul>';
?>

In theory

FROM import WHERE FullRegistration = $carId

should make this happen; however, for some reason on my server when I use the script above I get nil results returned instead of the results of the row that matches the GET id. I get:

Mileage: 0 Engine size: cc

I am aware my code is insecure at the moment however it isn't an issue at this moment in time.

Any ideas why I might be getting nil results returned? My other queries to this table have worked flawlessly, however I am having bother with this one. Can you see anything in this code that might cause this issue?

Here are the other queries that are included at the top of the code block, select-stock.php, just in case this could be a bit of a problem:

<?php
include('database.php');
try {
  $results = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import ORDER BY Make ASC");
} catch (Exception $e) {
  echo "Error.";
  exit;
}
///carousel-vehicle results
try {
  $fourresults = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 0, 4");
} catch (Exception $e) {
  echo "Error.";
  exit;
}


try {
  $fourresultsone = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 4, 4");
} catch (Exception $e) {
  echo "Error.";
  exit;
}


try {
  $fourresultstwo = $db->query("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive FROM import ORDER BY Make LIMIT 8, 4");
} catch (Exception $e) {
  echo "Error.";
  exit;
}


try {
  $makeFilter = $db->query("SELECT DISTINCT Make FROM import ORDER BY Make ASC");
} catch (Exception $e) {
  echo "Error.";
  exit;
}


try {
  $modelFilter = $db->query("SELECT DISTINCT Model FROM import ORDER BY Make ASC");
} catch (Exception $e) {
  echo "Error.";
  exit;
}
?>

All of these queries are working flawlessly on the live site so the db connection is obviously working.

I believe if you change the code like this it will work:

$carview = $db->prepare("SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype, Doors, Variant, EngineSize, Price, Transmission, PictureRefs, ServiceHistory, PreviousOwners, Options, FourWheelDrive, FullRegistration FROM import WHERE FullRegistration = '$carId'");

However, before continuing, be sure to educate yourself on the dangers of SQL injection; otherwise I can delete or dump every table in your database just by passing the corresponding values to ?id=...

Antoan's code should work; the second part of his answer is even more important. If your 'id' value is numeric (as I guess),

$carId = intval($_GET['id']);

is an easy way and a good point to start...
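For reference, here is the lookup from the question rewritten with a bound parameter, an execute() call, and a no-row branch. This is an added example, not code from the question or from either answer; it assumes $db is the PDO handle created by database.php (as in select-stock.php) and that the same include files exist. Because the registration in the question (NG61CWJ) is alphanumeric, the value is bound as a string rather than passed through intval().

```php
<?php
// Added example (not from the question or either answer): carview.php
// rewritten as a parameterised PDO query. Assumes $db is the PDO handle
// created by database.php, as in the original select-stock.php.
include('select-stock.php');
include('db-affinity/header-main.php');

// Registrations such as NG61CWJ are alphanumeric, so keep the value a string
// and let PDO quote it; intval() would reduce it to 0 and never match.
$carId = isset($_GET['id']) ? (string) $_GET['id'] : '';
$cardata = false;
if ($carId !== '') {
    try {
        // Placeholder instead of interpolating $carId into the SQL text.
        $carview = $db->prepare(
            "SELECT Make, Model, Colour, FuelType, Year, Mileage, Bodytype,
                    Doors, Variant, EngineSize, Price, Transmission,
                    PictureRefs, ServiceHistory, PreviousOwners, Options,
                    FourWheelDrive, FullRegistration
             FROM import WHERE FullRegistration = :reg LIMIT 1"
        );
        $carview->bindValue(':reg', $carId, PDO::PARAM_STR);
        // prepare() only compiles the statement; without execute() fetch()
        // returns false, which is what produced "Mileage: 0 Engine size: cc".
        $carview->execute();
        $cardata = $carview->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Log the detail server-side; do not echo driver errors to visitors.
        error_log('carview lookup failed: ' . $e->getMessage());
        $cardata = false;
    }
}
?>
<div class="container">
  <div class="row">
    <div class="col-md-12 col-sm-12">
    <?php if ($cardata === false): ?>
      <p>No vehicle found for registration <?php echo htmlspecialchars($carId, ENT_QUOTES, 'UTF-8'); ?>.</p>
    <?php else: ?>
      <ul class="overwrite-btstrp-ul other-specs-ul h4-style">
        <li>Mileage: <?php echo number_format((int) $cardata['Mileage']); ?></li>
        <li>Engine size: <?php echo htmlspecialchars($cardata['EngineSize'], ENT_QUOTES, 'UTF-8'); ?>cc</li>
      </ul>
    <?php endif; ?>
    </div>
  </div>
</div>
<?php include('db-affinity/footer.php'); ?>
```

The id is echoed through htmlspecialchars() so that a request with markup in ?id= cannot inject script into the page; with PDO::ERRMODE_EXCEPTION left unset, a failed execute() simply falls through to the "No vehicle found" branch.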
