Hi there…
i use below code to display data from mysql row from specific id. here is id=1
<?php
mysql_connect("localhost", "dhaka", "dhaka") or die("Connection Failed");
mysql_select_db("dhaka")or die("Connection Failed");
$result = mysql_query("SELECT *FROM page WHERE id='[B]1[/B]'")
or die(mysql_error());
$row = mysql_fetch_array( $result );
echo "content: ".$row['dtl'];
?>
now i included this code by using php include function in one page called " johns page.php"
so when i click the “john page” the page come with the pulling from id=1.
but if i have 30 page like " kate page" ," roberts page", “michale page”…
then i have to include the above code 30 time by editing it manusally have to change the id number.
for “kate page” i have to change manually the line
$result = mysql_query("SELECT *FROM page WHERE id='[B][/B]'")
to
$result = mysql_query("SELECT *FROM page WHERE id='[B]2[/B]'")
and include the code to " kate page.php"
which is horrible expreince for multiple page…
is it possible that the id number will automatically change when i click on different page?
please help me
The easiest solution would be to use a $_GET value set in the URL so when you click on a page URL instead of that specific page name appearing you have for example…
www.xxx.com/mypage.php?id=2
<?php
mysql_connect("localhost", "dhaka", "dhaka") or die("Connection Failed");
mysql_select_db("dhaka")or die("Connection Failed");
// Sanitize the page ID
$id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : NULL;
if (is_int($id)) {
$result = mysql_query("SELECT * FROM page WHERE id='$id'") or die(mysql_error());
$row = mysql_fetch_array($result);
echo 'content: ' . $row['dtl'];
} else {
die('Possible hack attemp!');
}
?>
NOTE: This is just a very very basic example with minimal security, if you do go with this method you will need some more code to prevent attacks from unwanted users.
The way i would do this however is to use mod_rewrite rules so you can mask the URL rather then having the PHP file name visible to everyone.
oh gr8. thanks for the help.
can you please tell me how can get maximum security? is there any tutorial regarding this isuue?
There is no one tutorial about security but if you search Google for PHP security there are a lot of good links you can visit to help you along your way.
Side note - if ID is an INT, why are we using a VARCHAR to store it? (And if we’re not, why are we using quotes around the value in the SQL?)
i have a nother question…
if the url is default like http://www.mysite.com
so there is no value in the url. so the page will show empty beacuase it can not pull data from database.
can i set a default value for this? so if ibrowse only the url www.mysite.com then it will pull only the id=1 content?
please help me
another isuue, by googleing i got some coedes for preventing sql injection like
if (get_magic_quotes_gpc()) {
$pageID = stripslashes($pageID);
}
$pageID = mysql_real_escape_string($pageID);
$pageID = trim($pageID);
please cehck the code is it ok now after adding the codes?
<?php mysql_connect(“localhost”, “dhaka”, “dhaka”) or die(“Connection Failed”);mysql_select_db(“dhaka”)or die(“Connection Failed”);// Sanitize the page ID
if (get_magic_quotes_gpc()) {
$pageID = stripslashes($pageID);
}
$pageID = mysql_real_escape_string($pageID);
$pageID = trim($pageID);
$id = isset($_GET[‘id’]) ? filter_var($_GET[‘id’], FILTER_VALIDATE_INT) : NULL;if (is_int($id)) { $result = mysql_query(“SELECT * FROM page WHERE id=‘$id’”) or die(mysql_error()); $row = mysql_fetch_array($result); echo 'content: ’ . $row[‘dtl’];} else { die(‘Possible hack attemp!’);}?>