Re: Noob question: Making search results clickable.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Make sure to reply all...

Paul Jinks wrote:
> Thanks to everyone for replying, it's much appreciated. Thanks
> especially for the final piece of the puzzle, Shawn, I don't think I
> was going to find it on my own - the display I have in mind is a
> little different, but I think I can figure it out. Will check all this
> out and let you know how I get on.
>
> Paul
>
> On Wed, Nov 18, 2009 at 3:33 PM, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
>   
>> Gary Smith wrote:
>>     
>>> Paul Jinks wrote:
>>>       
>>>> Hi all
>>>>
>>>> I'm building a fairly basic php/mySql site but I'm running into
>>>> problems due to my total lack of experience. I have a database of
>>>> videos - each has a title, transcript, description and one or more
>>>> topics. So far I can search the database by topic (using a drop-down
>>>> menu), like this:
>>>>
>>>> <?php
>>>> $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
>>>>
>>>>         
>>> Hi - first up, make sure that you're passing clean input. It's worth
>>> learning about security from the start. As you've mentioned below that
>>> you're using PHP, you can do this by making sure $topic has been put
>>> through mysql_real_escape_string() - it's not ideal, but it's better
>>> than nothing[1].
>>>       
>>>> while($row = mysql_fetch_array($result))
>>>>   {
>>>>   echo $row['title'];
>>>>   echo "<br />";
>>>>   }
>>>> ?>
>>>>
>>>>         
>>> What you'd probably be better doing is having something like this:
>>>
>>> printf("<a href='video_display.php?id=%s'>%s</a>", $row["id"],
>>> $row["title"]);
>>>
>>> And changing your query accordingly.
>>>
>>> Obviously, you'd need video_display.php to accept GET input in the form
>>> of id= as well.
>>>       
>> For the first piece Gary has it right, but your query needs to include
>> the id also.
>>
>> $result = mysql_query("SELECT id, title FROM videos WHERE topic1=
>> '$topic'");
>>
>> For the second piece, in video_display.php, you'd do something like this:
>>
>> $id = (int)$_GET['id'];
>> $result = mysql_query("SELECT * FROM videos WHERE id=$id LIMIT 1");
>>
>> if($result) {
>>    $row = mysql_fetch_array($result);
>>
>>    echo $row['title']."<br />";
>>    echo $row['description']."<br />";
>>    echo $row['title']."<br />";
>>    // etc...
>> } else {
>>    die("Invalid id");
>> }
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
>>     
>
>   

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux