Jump to content

Links of Titles when clicked show Title & Description of item being clicked.

OldWest

By OldWest
in PHP Coding Help

 Share

Recommended Posts

OldWest Regular Member

OldWest

Posted
Posted

I feel like a moron asking this question as it seems to be one of the most common things done with php but I cannot find a tutorial (probably because I don't know the correct wording to search under) on this specific thing..

 

Anyhow.

 

I'm spitting out a list of the Titles of my test table like so (and its working as expected):

 

<?php
$posting_sql = "SELECT * FROM postings";
$posting_results = (mysqli_query($cxn, $posting_sql)) or die("Was not able to grab the Postings!");
while($posting_row = mysqli_fetch_array($posting_results)) {		
	echo "<li><a href='posting_details.php'>$posting_row[title]</a></li>";
}
?>

 

Now as you can see: <a href='posting_details.php'> I am calling a new page, and that page contains this:

 

<h2><?php echo "$posting_row[title]"; ?></h2>

<p><?php echo "$posting_row[description]"; ?></p>

 

It's no surprise it's not working (with many variations etc), but I am only familiar with using <form> GET or POST, and these of course are not form elements, so I cant seem to call them the same way.

 

My suspicion (and from the research data I could find) is that I need to pass values in my link: <a href='posting_details.php'> ...

 

I could not get it to work, but I was trying variations like: <a href='posting_details.php?get[title&get[description]]'> but it seems like I am screwing things up even more by doing this..

 

Anyhow. If anyone could show me a tutorial that covers this specifically or some suggestions on the best approach to this would be much appreciated..

Link to comment
Share on other sites
OldWest Regular Member

OldWest

Posted
  • Author
Posted

Well I was able to figure out a solution with just getting down and dirty with ideas... But I'm not convinced this is 1) A secure method for passing this data and 2) this is the all around best way to pass this data... Here is what I've come to now which IS working:

 

Can you give my your opinion on how you would do this differently?

 

Page 1

<?php
$posting_sql = "SELECT * FROM postings";
$posting_results = (mysqli_query($cxn, $posting_sql)) or die("Was not able to grab the Postings!");
while($posting_row = mysqli_fetch_array($posting_results)) {		
	echo "<li><a href='posting_details.php?id=$posting_row[id]&title=$posting_row[title]&description=$posting_row[description]'>$posting_row[title]</a></li>";
}
?>

 

 

Page 2

<h2><?php $title = $_GET['title']; echo $title; ?></h2>

<p><?php $description = $_GET['description']; echo $description; ?></p>

Link to comment
Share on other sites
OldWest Regular Member

OldWest

Posted
  • Author
Posted

The problem with the way I am doing it now as in my last code snippet in this post, ALL of the id title and description are passed in the url!!! Makes a very LONG url string which is gross!!

 

Can anyone guide me to a tutorial or just tell me plain outright if the way I am doing it is TOTALLY wrong? I am guessing I am doing this all wrong cause after 3.5 hours on google, I could not find a working answer or description of what I am trying to do.

 

SOS

Link to comment
Share on other sites
OldWest Regular Member

OldWest

Posted
  • Author
Posted

The problem with the way I am doing it now as in my last code snippet in this post, ALL of the id title and description are passed in the url!!! Makes a very LONG url string which is gross!!

 

Can anyone guide me to a tutorial or just tell me plain outright if the way I am doing it is TOTALLY wrong? I am guessing I am doing this all wrong cause after 3.5 hours on google, I could not find a working answer or description of what I am trying to do.

 

SOS

 

<?php
$posting_sql = "SELECT * FROM postings";
$posting_results = (mysqli_query($cxn, $posting_sql)) or die("Was not able to grab the Postings!");
while($posting_row = mysqli_fetch_array($posting_results)) {		
	echo "<li><a href='posting_details.php?id=$posting_row[id]&title=$posting_row[title]&description=$posting_row[description]'>$posting_row[title]</a></li>";
}
?>

 

Link to comment
Share on other sites
OldWest Regular Member

OldWest

Posted
  • Author
Posted

Just post the id, then on the posting_details.php script, use that id to execute another query and get all the details.

 

Nice. That worked perfect.. working as expected now  :)

 

Would you mind telling me if my code seems optimal for what I am doing or do you think there is a better method to this?

 

Here is my working code:

 

Page 1:

<?php
$posting_sql = "SELECT * FROM postings";
$posting_results = (mysqli_query($cxn, $posting_sql)) or die("Was not able to grab the Postings!");
while($posting_row = mysqli_fetch_array($posting_results)) {
	echo "<li><a href='posting_details.php?id=$posting_row[id]'>$posting_row[title]</a></li>";
}
?>

 

Page 2:

<?php
$posting_sql = "SELECT * FROM postings WHERE id='$_GET[id]'";
$posting_results = (mysqli_query($cxn, $posting_sql)) or die("Was not able to grab the Postings!");
$posting_row = mysqli_fetch_array($posting_results);
?>

<p>MySQL Primary Index ID: <?php echo $posting_row['id']; ?></p>

<h2>Product Title: <?php echo $posting_row['title']; ?></h2>

<p><strong>Product Description: </strong> <?php echo $posting_row['description']; ?></p>

 

 

 

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

While your code is working, it is far from well written, for a few reasons.

 

You should only ever query your tables for the data you need, don't use SELECT * And take a look at LIMIT

 

You should always sanitize user input. Using $_GET['id'] directly in a query opens all sorts of security holes. See mysql_real_escape_string.

 

You should ALWAYS check your queries succeed and actually return results bofore you start passing any result to functions such as mysql_fetch_*

Link to comment
Share on other sites
OldWest Regular Member

OldWest

Posted
  • Author
Posted

thorpe,

I updated my script and it's working fine, but is this the best it can be in terms of security? Should I also escape the id and city_name? the id is auto increment inserted and city_name is a select box which has predefined values.. thanks for any critique.

 

$title = mysqli_real_escape_string($cxn,$_POST['title']); // cleans the data that is passed.
$description = mysqli_real_escape_string($cxn,$_POST['description']); // cleans the data that is passed.
  
      $query = "INSERT INTO Postings (id, city_id, title, description) VALUES
('','$_POST[city]','$title','$description')" or mysqli_error();

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.