SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Post what is the method to do this? is this possible?

    Hi there...

    i use below code to display data from mysql row from specific id. here is id=1

    Code:
    <?php 
    mysql_connect("localhost", "dhaka", "dhaka") or die("Connection Failed"); 
    mysql_select_db("dhaka")or die("Connection Failed"); 
    $result = mysql_query("SELECT *FROM page WHERE id='1'")
    or die(mysql_error());
    $row = mysql_fetch_array( $result );
    echo "content: ".$row['dtl'];
    
    ?>
    now i included this code by using php include function in one page called " johns page.php"

    so when i click the "john page" the page come with the pulling from id=1.

    but if i have 30 page like " kate page" ," roberts page", "michale page"......

    then i have to include the above code 30 time by editing it manusally have to change the id number.

    for "kate page" i have to change manually the line
    Code:
    $result = mysql_query("SELECT *FROM page WHERE id=''")
    to

    Code:
    $result = mysql_query("SELECT *FROM page WHERE id='2'")
    and include the code to " kate page.php"

    which is horrible expreince for multiple page...

    is it possible that the id number will automatically change when i click on different page?

    please help me

  2. #2
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,189
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    The easiest solution would be to use a $_GET value set in the URL so when you click on a page URL instead of that specific page name appearing you have for example...

    www.xxx.com/mypage.php?id=2

    PHP Code:
    <?php 

    mysql_connect
    ("localhost""dhaka""dhaka") or die("Connection Failed");
    mysql_select_db("dhaka")or die("Connection Failed");

    // Sanitize the page ID
    $id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : NULL;

    if (
    is_int($id)) {
        
    $result mysql_query("SELECT * FROM page WHERE id='$id'") or die(mysql_error());
        
    $row mysql_fetch_array($result);
        echo 
    'content: ' $row['dtl'];
    } else {
        die(
    'Possible hack attemp!');
    }

    ?>
    NOTE: This is just a very very basic example with minimal security, if you do go with this method you will need some more code to prevent attacks from unwanted users.

    The way i would do this however is to use mod_rewrite rules so you can mask the URL rather then having the PHP file name visible to everyone.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    oh gr8. thanks for the help.

    can you please tell me how can get maximum security? is there any tutorial regarding this isuue?

  4. #4
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,189
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    There is no one tutorial about security but if you search Google for PHP security there are a lot of good links you can visit to help you along your way.

  5. #5
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    70 Post(s)
    Tagged
    0 Thread(s)
    Side note - if ID is an INT, why are we using a VARCHAR to store it? (And if we're not, why are we using quotes around the value in the SQL?)

  6. #6
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i have a nother question..

    if the url is default like http://www.mysite.com

    so there is no value in the url. so the page will show empty beacuase it can not pull data from database.

    can i set a default value for this? so if ibrowse only the url www.mysite.com then it will pull only the id=1 content?
    please help me

    another isuue, by googleing i got some coedes for preventing sql injection like

    if (get_magic_quotes_gpc()) {
    $pageID = stripslashes($pageID);
    }
    $pageID = mysql_real_escape_string($pageID);
    $pageID = trim($pageID);

    please cehck the code is it ok now after adding the codes?


    <?php mysql_connect("localhost", "dhaka", "dhaka") or die("Connection Failed");mysql_select_db("dhaka")or die("Connection Failed");// Sanitize the page ID
    if (get_magic_quotes_gpc()) {
    $pageID = stripslashes($pageID);
    }
    $pageID = mysql_real_escape_string($pageID);
    $pageID = trim($pageID);

    $id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : NULL;if (is_int($id)) { $result = mysql_query("SELECT * FROM page WHERE id='$id'") or die(mysql_error()); $row = mysql_fetch_array($result); echo 'content: ' . $row['dtl'];} else { die('Possible hack attemp!');}?>


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •