Hey there, I'm really new to php and I have what I think is a very simple and noob question regarding $_GET.

The code in one of my pages is this;

Code:

<head>
<title>quote form</title>
</head>
<body>
<?php
$id =  $_GET['id'];
echo $id;
?>
</body>
</html>

I know that if I point my browser to www.example.com/test.php?id=123 then '123' will be displayed on the page.

I was wondering how I go about using this to display information from a different place , for example have a .csv file with different html code and each piece of code has it's own id, so if the browser is pointed to www.example.com/test.php?id=1 then whatever code has the id of 1 is displayed. I say a .csv file but it would more likely be a MySQL database, anyway I'm just not sure how I'd do this and any help would be appreciated.

--Stream

Not sure if this answers your question, but here is something:
A common thing that people do with a GET is this http://www.example.com?id=1234

Then, this may be used in an SQL statement as such:

PHP Code:

$sql = "SELECT * FROM table WHERE id=".$_GET["id"];
$result = mysql_query($sql); 


The problem with this, is that it opens the door for SQL injection, which can compromise your database. You must be very careful with any GET, because anyone may enter anything they want into the browser, and see it reflected in your code.

in the above example, you could filter the GET variable like this:

PHP Code:

$sanitized_input = inval($_GET["id"]);
$sql = "SELECT * FROM table WHERE id=".$sanitized_input; 


In this example, since the id field in the database must always be an integer, we convert the GET to an integer, to ensure nothing bad is being passed along in it. This is a very simple example of security. This is, unfortunately, a very complex issue, and one that must be handled with care. Lately I have been experimenting with URL encryption, so that anything that is entered there gets jumbled up when it gets passed back to the page.

Thanks for the quick reply, I found a great tutorial and template to acheive what I'm looking, I have all the php and html code stored in the database and this is the code supplied to retrieve it,

Code:

//This retrieves the template and puts into an array. No WHERE clause is used, because we only have one template in our database.
$coding = mysql_query("SELECT * FROM template") or die(mysql_error());
$template = mysql_fetch_array( $coding );

//This retrieves the content and puts into an array. Notice we are calling ID 1, this would change if we wanted to call a page stored on a different row
$text = mysql_query("SELECT * FROM content WHERE content_id =1") or die(mysql_error());
$content = mysql_fetch_array( $text );

//Actually puts the code and content on the page
Print $template['Head_Open'];
Print $content['title'];
Print $template['Head_Close'];


Print $content['body'];
Print $template['Page_End'];
?>

I left the first part of the code out that connects to the database, anyway the WHERE content_id=1 part of the above code, like the comments state, is where you tell the script which id you want to call - how would I go about changing that so instead of predefining it in the script, the url tells it which id I want (www.example.com/test.php?content_id=1) I've tried a few things but they didn't work and this is a bit beyond my knowledge.

Kind Regards
--Stream

Just replace 1 wiht $id.

Quote:

("... WHERE content_id = $id")

or on some servers

Quote:

(" ... WHERE content_id =" . $id)

Shivaji

Thanks shivaji, that got it working perfect, just so others can see this is my final code, again the I left out the database connection part

PHP Code:

//This retrieves the template and puts into an array. No WHERE clause is used, because we only have one template in our database.
$coding = mysql_query("SELECT * FROM template") or die(mysql_error());
$template = mysql_fetch_array( $coding );

//This retrieves the content and puts into an array. Notice we are calling ID 1, this would change if we wanted to call a page stored on a different row
$id = $_GET['garden_feature'];
$text = mysql_query("SELECT * FROM content WHERE html ='$id'") or die(mysql_error());
$content = mysql_fetch_array( $text );

//Actually puts the code and content on the page
Print $template['Head_Open'];
Print $content['title'];
Print $template['Head_Close'];


Print $content['content'];
Print $template['Page_End'];
?> 


I have another question, how would I change the above code so that if for some reason the browser doesn't have anything in garden_feature or what's there isn't in the database, it will print something like 'sorry that feature doesn't exist' ?

Sorry if this sounds like a dumb question but I'm still trying to grasp php.

--Stream

PHP Code:

if (mysql_num_rows($text) > 0)
{
  //Actually puts the code and content on the page
  Print $template['Head_Open'];
  Print $content['title'];
  Print $template['Head_Close'];
  
  
  Print $content['content'];
  Print $template['Page_End'];
}
else
{
  echo 'sorry that feature doesn\'t exist';
} 


Hello,

I'll recomend to "scape" the ID if you're using mysql. For example:

PHP Code:

$query = "SELECT * FROM table WHERE id = $_GET['id'];"; 


That is NOT a good practice.

You should always define first the variable and them assign the value and use this id as an string to avoid errors.

for Example:

PHP Code:

 
$myid = $_GET['id'];
 
 
$query = "SELECT * FROM table WHERE id  = '$myid'; ";