
Thread: URL and query

  1. #1
    Junior Member
    Join Date
    Apr 2007
    Posts
    3
    Member #
    15182
    Sorry, I've tried searching but I think I lack the vocab to get the answers I require.

    I've started learning PHP / SQL, and am creating a very simple website for documenting changes, almost like a ticketing system.

    So far, I have a form entry page that inserts all the required info in an SQL database, into one table, which is working perfectly. I also have a page set up to retrieve information based on its ticket number whereby the user enters the ticket number into a form entry box, on clicking submit they are taken to a new page whereby the results are displayed.

    However what I'd like is to be able to send someone a URL so they can directly open the ticket without needing to go through the other pages, this seemed simple enough, but I can't get it working. No matter what I try I cannot get the results to be displayed. My code for the results page which is working is this (whereby the user needs to use the search page, which is then directed to this)-

    Code:
    <?php 
    $searchfor=$_POST['search']; 
    // Connects to your Database 
    mysql_connect("localhost","deleted"); 
    mysql_select_db("deleted"); 
    $data = mysql_query("SELECT * FROM changerequest WHERE ticketnumber='$searchfor'")
    or die(mysql_error()); 
    Print "<table border cellpadding=3>"; 
    while($info = mysql_fetch_array( $data )) 
    { 
    Print "<tr>"; 
    Print "<th>ticketnumber:</th> <td>".$info['ticketnumber'] . "</td> "; 
    Print "<th>customerref:</th> <td>".$info['customerref'] . "</td> "; 
    Print "<th>customercontact:</th> <td>".$info['customercontact'] . "</td> "; 
    Print "<th>raisedby:</th> <td>".$info['rasiedby'] . "</td> "; 
    Print "<th>quickdescrip:</th> <td>".$info['quickdescrip'] . " </td></tr>"; 
    } 
    Print "</table>"; 
    ?>
    <body>
    </body>
    </html>
    Using the above code as a base, how can I alter it so that I can do

    http://mywebsite.com/resultspage.php?id=theticketnumber.

  3. #2
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    You are trying to assign the number of that particular result/row.

    You should be using the superglobal $_GET not $_POST

    Try this:
    PHP Code:
    <?php 
    $searchfor = $_GET['search']; 
    // add some security!
    // Connects to your Database 
    mysql_connect("localhost","deleted"); 
    mysql_select_db("deleted"); 
    $data = mysql_query("SELECT * FROM changerequest WHERE ticketnumber='$searchfor'")
    or die(mysql_error()); 
    Print "<table border cellpadding=3>"; 
    while($info = mysql_fetch_array( $data )) 
    { 
    Print "<tr>"; 
    Print "<th>ticketnumber:</th> <td>".$info['ticketnumber'] . "</td> "; 
    Print "<th>customerref:</th> <td>".$info['customerref'] . "</td> "; 
    Print "<th>customercontact:</th> <td>".$info['customercontact'] . "</td> "; 
    Print "<th>raisedby:</th> <td>".$info['rasiedby'] . "</td> "; 
    Print "<th>quickdescrip:</th> <td>".$info['quickdescrip'] . " </td></tr>"; 
    } 
    Print "</table>"; 
    ?>
    You should check and escape the variable $searchfor before you hand it to your query though.

  4. #3
    Junior Member
    Join Date
    Apr 2007
    Posts
    3
    Member #
    15182
    Quote Originally Posted by bfsog
    You are trying to assign the number of that particular result/row.

    You should be using the superglobal $_GET not $_POST

    Try this:
    PHP Code:
    <?php 
    $searchfor = $_GET['search']; 
    // add some security!
    // Connects to your Database 
    mysql_connect("localhost","deleted"); 
    mysql_select_db("deleted"); 
    $data = mysql_query("SELECT * FROM changerequest WHERE ticketnumber='$searchfor'")
    or die(mysql_error()); 
    Print "<table border cellpadding=3>"; 
    while($info = mysql_fetch_array( $data )) 
    { 
    Print "<tr>"; 
    Print "<th>ticketnumber:</th> <td>".$info['ticketnumber'] . "</td> "; 
    Print "<th>customerref:</th> <td>".$info['customerref'] . "</td> "; 
    Print "<th>customercontact:</th> <td>".$info['customercontact'] . "</td> "; 
    Print "<th>raisedby:</th> <td>".$info['rasiedby'] . "</td> "; 
    Print "<th>quickdescrip:</th> <td>".$info['quickdescrip'] . " </td></tr>"; 
    } 
    Print "</table>"; 
    ?>
    You should check and escape the variable $searchfor before you hand it to your query though.
    Cheers, working perfectly. I tried the _GET before, but I was being constantly plagued with errors. I must have had some sort of typo within a previous copy I was working from. Either way it's now working.

    I used POST as the original data was coming from a form, and the form contains a description which I believe will be too long to pass via the URL.

    When you say I should //add security, are you referring to checking the data that it's accurate?

    This site will only be used internally, and will never be outside facing - however once I'm happy with how information is being passed I'll sort out how to do the validation of what's being put into the system.

    Cheers!

  5. #4
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    Security wise, $searchfor could be some malicious code, which is easily set via the address bar.

    What I like to do, is
    1: Check $searchfor is numeric (presuming your IDs are),
    2: Similar or instead of point 1, I use http://uk.php.net/manual/en/function.strip-tags.php
    3: And http://uk.php.net/mysql_real_escape_string
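
The checks listed in post #4, as an added example that is not code from the thread: the ticket number is validated as digits only, looked up through a PDO prepared statement, and HTML-encoded on output. The `mysql_*` functions used above were removed in PHP 7.0, so parameter binding stands in for `mysql_real_escape_string` and `htmlspecialchars` for `strip_tags`. Assumptions: ticket numbers are positive integers, and an in-memory SQLite table with constructed rows replaces the poster's MySQL database; `findTicket` and `renderTicket` are hypothetical names.

```php
<?php
// Added example: strict validation + prepared statement + output encoding.
// Assumptions: ticket numbers are positive integers; an in-memory SQLite
// table with constructed rows stands in for the poster's MySQL database.

function findTicket(PDO $db, $raw): ?array
{
    // ctype_digit() accepts only 0-9, so "1e3", "-1", " 7" and "7 OR 1=1" all
    // fail (is_numeric() would let "1e3" and " 7" through). The is_string()
    // test rejects array input such as ?search[]=1.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT ticketnumber, customerref, quickdescrip FROM changerequest WHERE ticketnumber = :id'
    );
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderTicket(array $row): string
{
    $html = "<table border cellpadding=3><tr>";
    foreach ($row as $name => $value) {
        // Encode on output: stored text may contain markup entered through the form.
        $html .= '<th>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ':</th> <td>'
               . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td> ';
    }
    return $html . "</tr></table>";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE changerequest (ticketnumber INTEGER PRIMARY KEY, customerref TEXT, quickdescrip TEXT)');
$db->exec("INSERT INTO changerequest VALUES (1001, 'ACME-7', 'Replace <b>core</b> switch')");
$db->exec("INSERT INTO changerequest VALUES (1002, 'ACME-9', 'Firewall rule change')");

// Constructed inputs, as they would arrive in $_GET['search'].
foreach (['1001', "1001' OR '1'='1", '1e3', '9999'] as $input) {
    $row = findTicket($db, $input);
    echo str_pad(var_export($input, true), 22), ' => ',
         $row === null ? 'no ticket shown' : renderTicket($row), PHP_EOL;
}
```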

  6. #5
    Junior Member
    Join Date
    Apr 2007
    Posts
    3
    Member #
    15182
    Quote Originally Posted by bfsog
    Security wise, $searchfor could be some malicious code, which is easily set via the address bar.

    What I like to do, is
    1: Check $searchfor is numeric (presuming your IDs are),
    2: Similar or instead of point 1, I use http://uk.php.net/manual/en/function.strip-tags.php
    3: And http://uk.php.net/mysql_real_escape_string
    Fantastic, will sort that out once I've got the basic side of things working. Cheers.

