Noob question: Making search results clickable.

Noob question: Making search results clickable.

on 18.11.2009 16:04:13 by Paul Jinks

Hi all

I'm building a fairly basic php/mySql site but I'm running into
problems due to my total lack of experience. I have a database of
videos - each has a title, transcript, description and one or more
topics. So far I can search the database by topic (using a drop-down
menu), like this:

<?php
$result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");

while($row = mysql_fetch_array($result))
{
    echo $row['title'];
    echo "\n";
}
?>

Basic, but it works. What I'd like now is to make the search results
clickable so clicking them leads to a page showing all the details of
that video. I have a page "video_display.php" set up, ready to display
the details from the database, but how do I connect the two?

Thanks in advance

Paul

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Noob question: Making search results clickable.

on 18.11.2009 16:20:01 by Gary Smith

Paul Jinks wrote:
> Hi all
>
> I'm building a fairly basic php/mySql site but I'm running into
> problems due to my total lack of experience. I have a database of
> videos - each has a title, transcript, description and one or more
> topics. So far I can search the database by topic (using a drop-down
> menu), like this:
>
> <?php
> $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
>
Hi - first up, make sure that you're passing clean input. It's worth
learning about security from the start. As you've mentioned below that
you're using PHP, you can do this by making sure $topic has been put
through mysql_real_escape_string() - it's not ideal, but it's better
than nothing[1].
> while($row = mysql_fetch_array($result))
> {
> echo $row['title'];
> echo "\n";
> }
> ?>
>
What you'd probably be better doing is having something like this:

printf("", $row["id"],
$row["title"]);

And changing your query accordingly.

Obviously, you'd need video_display.php to accept GET input in the form
of id= as well.

Cheers,

Gary

[1] It's not a magic bullet in so far as it doesn't stop SQL injection.



Re: Noob question: Making search results clickable.

on 18.11.2009 16:31:59 by Paul M Foster

On Wed, Nov 18, 2009 at 03:04:13PM +0000, Paul Jinks wrote:

> Hi all
>
> I'm building a fairly basic php/mySql site but I'm running into
> problems due to my total lack of experience. I have a database of
> videos - each has a title, transcript, description and one or more
> topics. So far I can search the database by topic (using a drop-down
> menu), like this:
>
> <?php
> $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
>
> while($row = mysql_fetch_array($result))
> {
> echo $row['title'];
> echo "\n";
> }
> ?>
>
> Basic, but it works. What I'd like now is to make the search results
> clickable so clicking them leads to a page showing all the details of
> that video. I have a page "video_display.php" set up, ready to display
> the details from the database, but how do I connect the two?

Replace your query with:

"SELECT title, id FROM videos WHERE topic1 = '$topic'"

or whatever index you have to select a particular video from your table.

Replace your echo statement above with:

echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";

Then ensure that video_display.php is set up to fetch the video whose ID
is passed to it via the GET parameter.

All this assumes I understood what you're getting at. Which is
questionable. ;-}

Paul

--
Paul M. Foster


Re: Noob question: Making search results clickable.

on 18.11.2009 16:33:15 by Shawn McKenzie

Gary Smith wrote:
> Paul Jinks wrote:
>> Hi all
>>
>> I'm building a fairly basic php/mySql site but I'm running into
>> problems due to my total lack of experience. I have a database of
>> videos - each has a title, transcript, description and one or more
>> topics. So far I can search the database by topic (using a drop-down
>> menu), like this:
>>
>> <?php
>> $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
>>
> Hi - first up, make sure that you're passing clean input. It's worth
> learning about security from the start. As you've mentioned below that
> you're using PHP, you can do this by making sure $topic has been put
> through mysql_real_escape_string() - it's not ideal, but it's better
> than nothing[1].
>> while($row = mysql_fetch_array($result))
>> {
>> echo $row['title'];
>> echo "\n";
>> }
>> ?>
>>
> What you'd probably be better doing is having something like this:
>
> printf("", $row["id"],
> $row["title"]);
>
> And changing your query accordingly.
>
> Obviously, you'd need video_display.php to accept GET input in the form
> of id= as well.

For the first piece Gary has it right, but your query needs to include
the id also.

$result = mysql_query("SELECT id, title FROM videos WHERE topic1= '$topic'");

For the second piece, in video_display.php, you'd do something like this:

$id = (int)$_GET['id'];
$result = mysql_query("SELECT * FROM videos WHERE id=$id LIMIT 1");

if($result) {
    $row = mysql_fetch_array($result);

    echo $row['title']."\n";
    echo $row['description']."\n";
    echo $row['title']."\n";
    // etc...
} else {
    die("Invalid id");
}

--
Thanks!
-Shawn
http://www.spidean.com
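
Added example, not part of the thread or any poster's code: the two queries discussed above (search by topic, fetch one video by id) written with PDO prepared statements, the current replacement for escaping now that the mysql_* functions are gone from PHP 7 and later. An in-memory SQLite database with constructed rows stands in for MySQL so the script runs offline (assumes the pdo_sqlite extension); find_by_topic and find_by_id are hypothetical names.

```php
<?php
// SQLite in memory stands in for MySQL; with MySQL only the DSN changes
// (and PDO::ATTR_EMULATE_PREPARES is usually set to false as well).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT,
                                description TEXT, topic1 TEXT)');

// Constructed sample rows.
$ins = $db->prepare('INSERT INTO videos (title, description, topic1) VALUES (?, ?, ?)');
$ins->execute(['Intro to joins', 'Inner and outer joins', 'sql']);
$ins->execute(['Sessions 101', 'How PHP sessions work', 'php']);

// Search page: $topic is bound as data, so a quote in it cannot change the SQL.
function find_by_topic(PDO $db, string $topic): array
{
    $stmt = $db->prepare('SELECT id, title FROM videos WHERE topic1 = :topic');
    $stmt->execute([':topic' => $topic]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// video_display.php: accept only a positive integer id, then bind it.
function find_by_id(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                        // missing or non-numeric id
    }
    $stmt = $db->prepare('SELECT * FROM videos WHERE id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;    // valid id, but no such video
}

// Constructed inputs: an ordinary topic, then one containing quote characters,
// which is compared as a literal string and matches no row.
var_dump(count(find_by_topic($db, 'php')));
var_dump(count(find_by_topic($db, "php' OR '1'='1")));

// A well-formed id, a malformed one, and one with no matching row.
var_dump(find_by_id($db, '2')['title']);
var_dump(find_by_id($db, '2 OR 1=1'));
var_dump(find_by_id($db, '99'));
```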


Re: Noob question: Making search results clickable.

on 18.11.2009 16:41:30 by Gary Smith

Shawn McKenzie wrote:
> Gary Smith wrote:
>
>> And changing your query accordingly.
>>
> For the first piece Gary has it right, but your query needs to include
> the id also.
>
Yeah, as I mentioned, he'd need to change the query accordingly, either
to select id,title or select *

Cheers,

Gary



Re: Noob question: Making search results clickable.

on 18.11.2009 16:51:24 by Shawn McKenzie

Make sure to reply all...

Paul Jinks wrote:
> Thanks to everyone for replying, it's much appreciated. Thanks
> especially for the final piece of the puzzle, Shawn, I don't think I
> was going to find it on my own - the display I have in mind is a
> little different, but I think I can figure it out. Will check all this
> out and let you know how I get on.
>
> Paul
>
> On Wed, Nov 18, 2009 at 3:33 PM, Shawn McKenzie wrote:
>
>> Gary Smith wrote:
>>
>>> Paul Jinks wrote:
>>>
>>>> Hi all
>>>>
>>>> I'm building a fairly basic php/mySql site but I'm running into
>>>> problems due to my total lack of experience. I have a database of
>>>> videos - each has a title, transcript, description and one or more
>>>> topics. So far I can search the database by topic (using a drop-down
>>>> menu), like this:
>>>>
>>>> <?php
>>>> $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
>>>>
>>>>
>>> Hi - first up, make sure that you're passing clean input. It's worth
>>> learning about security from the start. As you've mentioned below that
>>> you're using PHP, you can do this by making sure $topic has been put
>>> through mysql_real_escape_string() - it's not ideal, but it's better
>>> than nothing[1].
>>>
>>>> while($row = mysql_fetch_array($result))
>>>> {
>>>> echo $row['title'];
>>>> echo "\n";
>>>> }
>>>> ?>
>>>>
>>>>
>>> What you'd probably be better doing is having something like this:
>>>
>>> printf("", $row["id"],
>>> $row["title"]);
>>>
>>> And changing your query accordingly.
>>>
>>> Obviously, you'd need video_display.php to accept GET input in the form
>>> of id= as well.
>>>
>> For the first piece Gary has it right, but your query needs to include
>> the id also.
>>
>> $result = mysql_query("SELECT id, title FROM videos WHERE topic1= '$topic'");
>>
>> For the second piece, in video_display.php, you'd do something like this:
>>
>> $id = (int)$_GET['id'];
>> $result = mysql_query("SELECT * FROM videos WHERE id=$id LIMIT 1");
>>
>> if($result) {
>> $row = mysql_fetch_array($result);
>>
>> echo $row['title']."\n";
>> echo $row['description']."\n";
>> echo $row['title']."\n";
>> // etc...
>> } else {
>> die("Invalid id");
>> }
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
>>
>
>


Re: Noob question: Making search results clickable.

on 19.11.2009 15:53:55 by news.NOSPAM.0ixbtqKe

On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:

> Replace your query with:
>
> "SELECT title, id FROM videos WHERE topic1 = '$topic'"
>
> or whatever index you have to select a particular video from your table.
>
> Replace your echo statement above with:
>
> echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";

Without actually checking, I don't think "$row[...]"
is going to work in double quoted strings. I'm pretty
sure it needs to be in braces. You also need to escape
the double quotes and put the array indexes in single
quotes:

echo "<a href=\"video_display.php?video_id={$row['id']}\">{$row['title']}</a>";


Personally, I prefer something like this:

$id = $row['id']; /* No urlencode(), assuming numerical id */
$title_h = htmlspecialchars ($row['title']);

echo "";

or (somewhat cleaner):

echo <<<_

_;


/Nisse
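
Added example, not part of the thread or any poster's code: the result link built with the title HTML-escaped as suggested above, extended to also validate the id and encode the URL before it goes into the href attribute. video_link is a hypothetical helper and the rows are constructed.

```php
<?php
function video_link(array $row): string
{
    // The id is numeric by design; refuse anything else rather than emit it.
    $id = filter_var($row['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('non-numeric video id');
    }

    // http_build_query() URL-encodes the parameter; htmlspecialchars() then
    // encodes the finished URL for the HTML attribute it is placed in.
    $url   = 'video_display.php?' . http_build_query(['video_id' => $id]);
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    return sprintf(
        '<a href="%s">%s</a><br>',
        htmlspecialchars($url, $flags, 'UTF-8'),
        htmlspecialchars($row['title'], $flags, 'UTF-8')
    );
}

// Constructed rows: a plain title, one with quotes and markup, and one with
// a script fragment. All three come out as inert text inside the link.
$rows = [
    ['id' => 1, 'title' => 'Intro to joins'],
    ['id' => 2, 'title' => 'Q&A: "quotes" <b>and</b> tags'],
    ['id' => 3, 'title' => '<script>alert(1)</script>'],
];

foreach ($rows as $row) {
    echo video_link($row), "\n";
}
```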


Re: Noob question: Making search results clickable.

on 19.11.2009 16:07:42 by Ashley Sheridan

On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:

> On Thu, Nov 19, 2009 at 03:53:55PM +0100, Nisse Engström wrote:
>
> > On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:
> >
> > > Replace your query with:
> > >
> > > "SELECT title, id FROM videos WHERE topic1 = '$topic'"
> > >
> > > or whatever index you have to select a particular video from your table.
> > >
> > > Replace your echo statement above with:
> > >
> > > echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";
> >
> > Without actually checking, I don't think "$row[...]"
> > is going to work in double quoted strings. I'm pretty
> > sure it needs to be in braces. You also need to escape
> > the double quotes and put the array indexes in single
> > quotes:
> >
> > echo "<a href=\"video_display.php?video_id={$row['id']}\">{$row['title']}</a>";
> >
>
> Ahem. You are correct. I should have escaped the double quotes. I've
> *never* made this kind of mistake before. ;-}
>
> Paul
>
> --
> Paul M. Foster
>


Gonna go to PHP hell for that faux pas!

Thanks,
Ash
http://www.ashleysheridan.co.uk



Re: Noob question: Making search results clickable.

on 19.11.2009 16:09:57 by Paul M Foster

On Thu, Nov 19, 2009 at 03:53:55PM +0100, Nisse Engström wrote:

> On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:
>
> > Replace your query with:
> >
> > "SELECT title, id FROM videos WHERE topic1 = '$topic'"
> >
> > or whatever index you have to select a particular video from your table.
> >
> > Replace your echo statement above with:
> >
> > echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";
>
> Without actually checking, I don't think "$row[...]"
> is going to work in double quoted strings. I'm pretty
> sure it needs to be in braces. You also need to escape
> the double quotes and put the array indexes in single
> quotes:
>
> echo "<a href=\"video_display.php?video_id={$row['id']}\">{$row['title']}</a>";
>

Ahem. You are correct. I should have escaped the double quotes. I've
*never* made this kind of mistake before. ;-}

Paul

--
Paul M. Foster


Re: Noob question: Making search results clickable.

on 19.11.2009 17:46:46 by Paul M Foster

On Thu, Nov 19, 2009 at 03:07:42PM +0000, Ashley Sheridan wrote:

> On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:
>



>
> Ahem. You are correct. I should have escaped the double quotes. I've
> *never* made this kind of mistake before. ;-}
>
> Paul
>
> --
> Paul M. Foster
>
>
>
> Gonna go to PHP hell for that faux pas!
>

PHP Hell Characteristics:

Endless pages of code *you* have to make work.

Tons of PHP code embedded in HTML. Not an MVC in sight.

Everything is full of misquoted variables.

All variables are *slightly* misspelled.

Every PHP page terminated with ?> and then a couple more CRLF
combinations, just to make sure you can't figure out why your pages
won't display.

No security checking of any POST or GET variables. In fact, all input is
guaranteed to contain javascript fragments.

Parameters in all PHP function calls are out of order.

No access to php.net. And no XKCD.com.

No caffeine. No nicotine. No pizza.

The phone won't quit ringing, and you can't disconnect it. It's always
customers asking for senseless and nonsensical modifications.

If you're a vim user, you're forced to use emacs. If you're an emacs
user, you have to use vim. And if you use an IDE, you're stuck with
Microsoft Word.

Paul

--
Paul M. Foster


RE: Noob question: Making search results clickable.

on 19.11.2009 18:02:53 by M.Ford

Re: Noob question: Making search results clickable.

on 19.11.2009 19:18:16 by Phpster

On Thu, Nov 19, 2009 at 11:46 AM, Paul M Foster wrote:
> On Thu, Nov 19, 2009 at 03:07:42PM +0000, Ashley Sheridan wrote:
>
>> On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:
>>
>
>
>
>>
>>     Ahem. You are correct. I should have escaped the double quotes. I've
>>     *never* made this kind of mistake before. ;-}
>>
>>     Paul
>>
>>     --
>>     Paul M. Foster
>>
>>
>>
>> Gonna go to PHP hell for that faux pas!
>>
>
> PHP Hell Characteristics:
>
> Endless pages of code *you* have to make work.
>
> Tons of PHP code embedded in HTML. Not an MVC in sight.
>
> Everything is full of misquoted variables.
>
> All variables are *slightly* misspelled.
>
> Every PHP page terminated with ?> and then a couple more CRLF
> combinations, just to make sure you can't figure out why your pages
> won't display.
>
> No security checking of any POST or GET variables. In fact, all input is
> guaranteed to contain javascript fragments.
>
> Parameters in all PHP function calls are out of order.
>
> No access to php.net. And no XKCD.com.
>
> No caffeine. No nicotine. No pizza.
>
> The phone won't quit ringing, and you can't disconnect it. It's always
> customers asking for senseless and nonsensical modifications.
>
> If you're a vim user, you're forced to use emacs. If you're an emacs
> user, you have to use vim. And if you use an IDE, you're stuck with
> Microsoft Word.
>
> Paul
>
> --
> Paul M. Foster
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Aw, hell, I am already here then....the only thing missing above was
being forced to work in classic ASP

--

Bastien

Cat, the other other white meat


Re: Noob question: Making search results clickable.

on 20.11.2009 05:27:30 by news.NOSPAM.0ixbtqKe

On Thu, 19 Nov 2009 17:02:53 -0000, "Ford, Mike" wrote:

>> -----Original Message-----
>> From: Nisse Engström [mailto:news.NOSPAM.0ixbtqKe@luden.se]
>>
>> Without actually checking, I don't think "$row[...]"
>> is going to work in double quoted strings. I'm pretty
>> sure it needs to be in braces. You also need to escape
>> the double quotes and put the array indexes in single
>> quotes:
>
> You should have checked, because "...$row[title]..." is a valid
> alternative for "...{$row['title']}...".

I didn't know that. It never occurred to me to *not*
use single quotes around the index...

> Personally, I never use it because of it not having the same meaning
> outside a double-quoted string -- but it is a documented feature.

Right. I always use braces (or dot-concatenation) for
anything beyond a simple variable name.


/Nisse


Re: Noob question: Making search results clickable.

on 20.11.2009 05:29:37 by news.NOSPAM.0ixbtqKe

On Thu, 19 Nov 2009 15:07:42 +0000, Ashley Sheridan wrote:

> On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:
>>
>> Ahem. You are correct. I should have escaped the double quotes. I've
>> *never* made this kind of mistake before. ;-}
>
> Gonna go to PHP hell for that faux pas!

I'll see you both there. :-)


/Nisse


Re: Noob question: Making search results clickable.

on 20.11.2009 10:37:15 by Nathan Rixham

Ford, Mike wrote:
>> -----Original Message-----
>> From: Nisse Engström [mailto:news.NOSPAM.0ixbtqKe@luden.se]
>> Sent: 19 November 2009 14:54
>> To: php-general@lists.php.net
>> Subject: Re: [PHP] Noob question: Making search results clickable.
>>
>> On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:
>>
>>> Replace your query with:
>>>
>>> "SELECT title, id FROM videos WHERE topic1 = '$topic'"
>>>
>>> or whatever index you have to select a particular video from your table.
>>>
>>> Replace your echo statement above with:
>>>
>>> echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";
>>
>> Without actually checking, I don't think "$row[...]"
>> is going to work in double quoted strings. I'm pretty
>> sure it needs to be in braces. You also need to escape
>> the double quotes and put the array indexes in single
>> quotes:
>
> You should have checked, because "...$row[title]..." is a valid alternative for "...{$row['title']}...".
>
> Personally, I never use it because of it not having the same meaning outside a double-quoted string -- but it is a documented feature.
>

yup, which sucks and breaks at the drop of a hat, like..

$a = array();
$a['val id'] = 123;
echo "something $a[val id] and more";

produces: parse error, expecting `']''

best avoided imho
