Need help about passing value to next page and use that value as a variable for MySQL query

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
Delacroixex
New php-forum User
New php-forum User
Posts: 3
Joined: Tue Mar 07, 2017 1:57 am

Tue Mar 07, 2017 2:12 am

first of all, im sory if my english is bad,
i just want to create a simple page where when i click a button then it will pass down a value to another page ( the button is a href link ),
but when i get into the next page, echoing the value is fine, but the problem is when i try to do a mysql query with that value, it doesnt shows up anything back in return.

i've might have overlook something here but im self-learning about php so much of my code maybe like copy-pasta other people code, just hope someone could point me the problem.
here's the code btw,

1stpage.php

Code: Select all

<?php
	include "/Connections/config.php";
	$stmt = $db->prepare("select * from login");
	$stmt->execute();
		while($row = $stmt->fetch()){
			?> 
			<a type="button" class="btn btn-default" href="testing1.php?id=<?php echo $row['username']?>"><?php echo $row['rname']?></a> 
			<?php
		}
?>
2ndpage.php

Code: Select all

<?php
	$php = $_GET['id'];
	$php = mysql_escape_string($php);
	echo $php; //-[i]- when i echo here, it shows the correct value that i pass from the 1stpage.[/i]
		include "/Connections/config.php";
		$stmt = $db->prepare("select * from login where userid = '$php'"); //--[i] here's the problem, i query it but return in a blank page from me..[/i]
		$stmt->execute();
			while($row = $stmt->fetch()){
				echo $row['matrixno'];

			}

?>
some extra files,
config.php

Code: Select all

<?php
	$db = new PDO('mysql:host=localhost;dbname=projek','root','')
?>
wish someone could explain to me whats wrong here, btw this is a snippet of my entire coding, i just stuck at here..
Last edited by Delacroixex on Tue Mar 07, 2017 3:45 am, edited 1 time in total.
AdoptiveSolution
php-forum Super User
php-forum Super User
Posts: 167
Joined: Wed Jun 15, 2016 8:35 am

Tue Mar 07, 2017 2:58 am

Remove this line :

Code: Select all

$php = mysql_escape_string($php);
And when you paste code, use the code button </>

And change the title of this topic. "I'm new to php" does NOT describe the problem.
Delacroixex
New php-forum User
New php-forum User
Posts: 3
Joined: Tue Mar 07, 2017 1:57 am

Tue Mar 07, 2017 3:46 am

im really sorry, not just im new to php, im new to this forum as well.

i edited out that line, still it gives me nothing as i echo

Code: Select all

echo $row['matrixno'];
chorn
php-forum GURU
php-forum GURU
Posts: 626
Joined: Fri Apr 01, 2016 2:18 am

Tue Mar 07, 2017 3:57 am

Code: Select all

		$stmt = $db->prepare("select * from login where userid = ?");
		$stmt->execute([$php]);
		var_dump($stmt->errorInfo());
		
		
Delacroixex
New php-forum User
New php-forum User
Posts: 3
Joined: Tue Mar 07, 2017 1:57 am

Tue Mar 07, 2017 4:09 am

chorn wrote:
Tue Mar 07, 2017 3:57 am

Code: Select all

		$stmt = $db->prepare("select * from login where userid = ?");
		$stmt->execute([$php]);
		var_dump($stmt->errorInfo());
		
		
okay as i put that dump, i get these

Code: Select all

array(3) { [0]=> string(5) "00000" [1]=> NULL [2]=> NULL }
does this means that the array store nothing so there's nothing to echo? i dont quite understand this.. :? :?
chorn
php-forum GURU
php-forum GURU
Posts: 626
Joined: Fri Apr 01, 2016 2:18 am

Tue Mar 07, 2017 4:57 am

then there's no user with this ID, or it has no "matrixno"

Code: Select all

select * from login...
var_dump($stmt->fetchAll());
User avatar
Strider64
php-forum GURU
php-forum GURU
Posts: 316
Joined: Sat Mar 23, 2013 8:24 am
Location: Livonia, MI
Contact:

Tue Mar 07, 2017 5:13 am

Code: Select all

    $id = htmlspecialchars($_GET['id']);
    
    $query = 'SELECT * FROM login WHERE id=:id';

    $stmt = $pdo->prepare($query); // Prepare the query:
    $stmt->execute([':id' => $id]); // Execute the query with the supplied user's parameter(s):


    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    echo "<pre>" . print_r($user, 1) . "</pre>\n";
First of all you really don't need to sanitize $_POST OR $_GET if you are using prepared statements. Naming your variable $php is kind of silly, for a more practical name would be $id. I like using named prepared statements instead of the ? and in this case it's :id. The print_r in my opinion gives you a better presentation on the screen than var_dump does in my opinion.

Here's a nice little function that I created for one of my past projects (and it's done procedurally which is rare) that creates a MySQL table just as long as you have a Database for it.

Code: Select all

function createTables() {
    try {
        if (filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_URL) == "localhost") {
            $conn = new PDO("mysql:host=localhost:8889;dbname=your_database_name", DATABASE_USERNAME, DATABASE_PASSWORD);
        } else {
            $conn = new PDO('mysql:host=' . DATABASE_HOST . ';dbname=' . DATABASE_NAME, DATABASE_USERNAME, DATABASE_PASSWORD);
        }
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $table1 = "CREATE TABLE IF NOT EXISTS login (
                id INT(11) AUTO_INCREMENT PRIMARY KEY,
                name VARCHAR(60) NOT NULL,
                email VARCHAR(120) NOT NULL,
                password VARCHAR(255) NOT NULL,
                confirmation VARCHAR(255) NOT NULL,
                security VARCHAR(11) NOT NULL DEFAULT 'public',
                dateCreated DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00')";
        $conn->exec($table1);
        $use = 'use ' . DATABASE_NAME;
        $conn->exec($use);
        $conn = NULL;
    } catch (PDOException $e) {
        echo "Something went wrong" . $e->getMessage();
    }
}
Post Reply