PHP, HTML and SQL: How to get table row number and send as parameter

Question

I connect to my database and get the table. I create an HTML table to list all of my corporations as well as an anchor tag for "Read" "Update" and "Delete" at the end of each row. If I click on "Read" next to one of the corporations, how can I get that specific corporation (or that specific row number) so I can pass it as a parameter. I want to display the information of that corporation on that row. Thanks! `

    try {
    $sql = "SELECT corp FROM corps";
    $sql = $db->prepare($sql);
    $sql->execute();
    $corps = $sql->fetchAll(PDO::FETCH_ASSOC);

    if ($sql->rowCount() > 0) {
        $table = "<table>" . PHP_EOL;
        foreach ($corps as $corp) {
            $table .= "<tr><td>" . $corp['corp'] . "</td><td>" . '<a href="../Lab3">Read</a>' . "</td><td>" . '<a href="../Lab3">Update</a>' . "</td><td>" . '<a href="../Lab3">Delete</a>' . "</td></tr>";
        }
        $table .= "</table>" . PHP_EOL . ' <a href="../Lab3">Create</a>';

    } else {
        $table = "No Corporations.". PHP_EOL;
    }

} catch (PDOException $e){
    die("There was a problem getting the Corporations");
}`

Answer 1

Base yourself on the following code to produce the desired actions.

First check if a (GET) array is (not) empty and equal to an action, and use double quoted values (with escaped double quotes) to echo out the $corp variable(s) correctly.

Note that I added PHP_EOL at the end of $table .= "<tr><td>"... in order to produce clean HTML which helps to debug when viewing HTML source. It's just as good a debugging tool when it comes to something like this, believe me.

Having code show up in one long line, is very hard to work with.

Side notes: I will leave the "Create" link at your discretion since that wasn't mentioned in the question and could be too broad a subject to cover.

I can also assume that your Lab3 (folder) is using an index file and is to be used to perform all of these actions.

If ../Lab3?action does not work for you, then you may need to use something like
../Lab3/index.php?action... or ../Lab3/your_file.php?action... instead.

$table = "<table>" . PHP_EOL;
foreach ($corps as $corp) {

    $table .= "<tr><td>" . $corp['corp'] . "</td><td>" . "<a href=\"../Lab3?action=read&corp=$corp\">Read</a>" . "</td><td>" . "<a href=\"../Lab3?action=update&corp=$corp\">Update</a>" . "</td><td>" . "<a href=\"../Lab3?action=delete&corp=$corp\">Delete</a>" . "</td></tr>" . PHP_EOL;
}
$table .= "</table>" . PHP_EOL . ' <a href="../Lab3">Create</a>';


if(!empty($_GET['action'])){

    if($_GET['action'] == 'read'){
        echo $read = "<br>Record to read: " . $_GET['corp'];
        // You can place your query here
    }

    if($_GET['action'] == 'update'){
        echo $update = "<br>Record to update: " . $_GET['corp'];
        // You can place your query here
    }

    if($_GET['action'] == 'delete'){
        echo $delete = "<br>Record to delete: " . $_GET['corp'];
        // You can place your query here
    }


}

However, and I must state that this is open to an SQL injection and you would need to use a prepared statement. You're already using PDO, so that's a good start.

Note: Using $var = (int)$_GET['integer_array']; (as an example), also helps to prevent from an SQL injection, given if that value is an integer. If not, then you can't use (int) against a string value.

References:

• http://php.net/manual/en/pdo.prepared-statements.php
• https://en.wikipedia.org/wiki/Prepared_statement
• How can I prevent SQL injection in PHP?
• https://en.wikipedia.org/wiki/SQL_injection