MySQL: show content in permalinks by row id
I am trying to create my own CMS and I am fairly new to php and mysql. Let me understand:
So far, I have created news on the index page with "read more" permalinks (this means that when I click further, it moves me to another page, for example /readmore.php?id=[news ID]
, and on this page, the only content is that specific news, that is, a specific row from the table What I'm stuck with is getting this row id in this permalink.
Let me show you the code that is currently working for me.
index file with news:
while($row = mysql_fetch_array($result))
{
/*... title, news content... */
echo "<a href='readmore.php?id=".$row['ID']."'>".$read_more_link."</a></div>";
}
readmore.php with the exact line (e.g. readmore.php? id = 1201):
$params = $_SERVER['QUERY_STRING'];
$str = $params;
$id1 = $str[strlen($str)-1];
$id2 = $str[strlen($str)-2];
$id3 = $str[strlen($str)-3];
$id4 = $str[strlen($str)-4];
$news_id = "$id4$id3$id2$id1";
$query = "SELECT * FROM naujiena WHERE ID='$news_id'";
Basically what it does is it retrieves the last 4 digits from the address bar and looks for this news with that 4 digit ID
This is a very primitive way of doing it, but I've been stuck with this for a few days and can't find a way out.
What I've tried before is to create a variable with a session in a loop while($row = mysql_fetch_array($result))
, it shows the IDs on the index page as it should, but on the readmore page only the last or the first (depending on desc or asc), which was quite obvious to expect
Could you help me? I would appreciate.
source to share
You can access the values โโin the query string by name in the array $_GET
.
For example, $_GET['id']
will be the value of a portion of id=<ID>
a query string. It works for every field in the query string.
// url : readmore.php?id=1201
$news_id = intval($_GET['id']);
// now, $news_id contains the value 1201
$query = "SELECT * FROM naujiena WHERE ID='$news_id'";
You can read the official help: $_GET
or one of the various tutorials you can find online: http://www.w3schools.com/php/php_get.asp
Update
Since you accepted my answer, I feel compelled to drop a word about SQL injection as well. You should always sanitize any input you use in a SQL query with mysql_real_escape_string
. You can find more information on Wikipedia: SQL Injection or in PHP documentation: SQL Injection .
Since your IDs are numeric values, you can do this as well. I have updated the code snippet to do this with intval
.
source to share
To extract query string parameters in php use $_GET
super-global, for example:
$_GET["id"]
Also note that any data provided by the remote (user, browser, etc.) could be tampered with. So the attacker can also send you ?id=0; DROP TABLE users
or something similar.
Learn more about SQL Injection .
It's always a good idea to validate input. You expect the id to be an integer, so to be safe you can checkif(ctype_digit($_GET["id"]))) ...
Finally, it's also a good idea to sanitize any input you use in your SQL statements. Use mysql_real_escape_string()
or consider usingPDO
source to share
To get a specific HTTP-GET variable you can use $_GET["variableName"]
. In your case, you can get an id like:
$news_id = $_GET["id"];
source to share