How can I get the data by id and show it on the PHP page?

    <!DOCTYPE html>
    <html>
    <head>
        <link rel="stylesheet" type="text/css" href="style/style.css">
        <meta charset="utf-8">
        <title>xxx</title>
    </head>
    <body>
    <?php
    $servername = 'localhost';
    $username = 'root';
    $password = '';
    $dbname = 'big-torrent';
    $conn = new mysqli($servername, $username, $password, $dbname);
    mysql_select_db("big-torrent");
    $strSQL = "SELECT * FROM games";
    $rs = mysql_query($strSQL);
    while($row = mysql_fetch_array($rs)) {
    ?>
    <ul id="ulform"><li id="liform">
        <div class="container" align="center">
            <img src="<?php echo $row['full_path'] ?>" alt="<?php echo $row['name'] ?>" class="image">
            <div class="overlay">
                <div class="text"><?php echo "<a href='".$row['link']."' id='atext'>".$row['name'] .'<br>'. ' - скачат - ' . $row['size'] . "</a>";?></div>
            </div>
            <div align="center" id="textname">
                <?php echo $row['name']; ?>
            </div>
        </div>
    </li>
    </ul>
    <?php
    }
    mysql_close();
    ?>
    </body>
    </html>

  • Where do you want to get the data from? There are not many specifics; is sample code possible? - Yaroslav Molchan
  • Add your code. - MihailPw
  • I want to create a site. I have pictures of games on the main page and they have an id, and I want to create a page where the data changes depending on the id. - haykhaen
  • Get the id from the $_GET or $_POST array, and pass the id in a POST or GET request, using the request body in the first case or the parameters in the second. You also have an error: you connect via mysqli, but the functions you use are from mysql. - Firepro

1 answer

To begin with, I advise you to tidy up the code and separate the model from the presentation, otherwise as the amount of code grows you will get entangled in it.

About your question specifically, if we are talking about this piece of code:

 $strSQL = "SELECT * FROM games"; 

here a simple WHERE query is made:

 "SELECT * FROM games WHERE id='".$id."' LIMIT 1;" 

P.S. As @Firepro correctly noted, safe and pre-formatted data should be passed in the $id variable.

  • For such a concatenation of the id variable into the database query string, a novice hacker somewhere says 'thank you' :) A minus from me for not observing query-preparation security, until you correct the answer. - Firepro
  • @Firepro justify your assumption. Why didn't you like the concatenation in my example? Nobody said that the $id variable comes into the query raw. It must be filtered (special characters escaped) and checked for compliance with the data type (for example, is_numeric, etc.). - Dmitry Maslennikov
  • This should at least be added to the answer, to keep newcomers from thinking of concatenating a raw variable. Ideally, you would direct the user to the right path and suggest using built-in prepared queries (id = ?) instead of the proposed concatenation, in order to increase security and reduce the likelihood of a security error due to the human factor. - Firepro
  • @Firepro yes, it makes sense to add that to my answer (about the security of incoming data). As for the query itself, of course you can use CONCAT or prepared expressions, but in practice this only complicates the code without any benefit (of course, if the incoming variables have already been properly checked and formatted). - Dmitry Maslennikov
  • @Firepro, moreover, network security issues would be clearly redundant in this example (this is a huge topic that cannot be explained in 5 minutes). The author asked about an ordinary WHERE query, and you are throwing them into prepared expressions))) - Dmitry Maslennikov
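
The lookup discussed in the answer and its comments, written with a mysqli prepared statement (id = ?) instead of concatenation. This is an added example, not code from the question or the answer; the file name game.php, the helper names findGameById and e, and the selected column list (taken from the columns the question's code reads) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical detail page, e.g. game.php?id=42 (file name is an assumption).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Return one row of `games` by id, or null if there is none. */
function findGameById(mysqli $conn, int $id): ?array
{
    // The id travels as a bound parameter and is never spliced into the SQL text.
    $stmt = $conn->prepare('SELECT name, full_path, link, size FROM games WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($name, $fullPath, $link, $size);
    $row = $stmt->fetch()
        ? ['name' => $name, 'full_path' => $fullPath, 'link' => $link, 'size' => $size]
        : null;
    $stmt->close();
    return $row;
}

/** Escape a value for HTML text and quoted-attribute context. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Accept only a positive integer id; anything else never reaches the database.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Bad id');
}

// Connection settings as in the question.
$conn = new mysqli('localhost', 'root', '', 'big-torrent');
$conn->set_charset('utf8mb4');
$game = findGameById($conn, $id);
$conn->close();

if ($game === null) {
    http_response_code(404);
    exit('Game not found');
}
?>
<div class="container" align="center">
    <img src="<?= e($game['full_path']) ?>" alt="<?= e($game['name']) ?>" class="image">
    <a href="<?= e($game['link']) ?>" id="atext"><?= e($game['name']) ?> - <?= e($game['size']) ?></a>
</div>
```

The integer check and the bound parameter are independent layers: the query stays safe even if the validation is later loosened, which is the human-factor point raised in the comments.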