Edit.php?id=1 help

PHP
1

Hello all,

I am trying to make a page to update a database via a PHP page. After a failed attempt at a previous post, I was advised to go with the edit.php?id=1.

My questions are:
1 – the id=1, would that be the ID in the database?
2 – How would I start to do that? I am still learning PHP and do not know how to get the ID, and then be able to edit the page. Can any of you steer me in the right direction, or give me a tutorial that I can learn from?
3 – Is this a relatively easy process to do?

Thanks,

2

  1. The ID would be the database ID if it is to refer to the database record.

  2. You would retrieve the id from edit.php?id=1 by using the superglobal $_GET array ($id = $_GET[‘id’]; ). You can read more about this here: PHP: Predefined Variables - Manual

  3. Yes, it is. Once you get used to it, it will be like second nature.

3

Thank you so much for your reply.

So, I have the code below… firstly, connecting to the database, getting the ID, and then selecting the id=$id that they picked. So, now I would need to create the form, and then once the form is created, how would I make it update that particular ID?

<?php

$host = 'localhost';
$username = 'bobby';
$password = '*****';
$database = '*****';

mysql_connect($host,$username,$password); 
@mysql_select_db($database) or die( "Unable to select database"); 

$id = $_GET['id'];

$sql = "SELECT * FROM equipment WHERE id='$id'"; 
$result = mysql_query($sql);
4

Two ways to do it.

  1. Include a hidden form field.

<input type='hidden' name='id' value='<?php echo $_GET['id'] ?>'>

(now id will be in the $_POST[‘id’] field, assuming you’re using post to send your form)

  1. Use the ID as a GET variable again…

<form method='post' action='edit.php?id=<?php echo $_GET['id'] ?>'>

it’s worth mentioning at this point that you should look into sanitizing your input. [FPHP]mysql_real_escape_string[/FPHP] good place to start. Take a look at Example 2 for a reason why I mention this.

5

Pretty much what StarLion said, but I just want to add a little clarification, just in case.

When you send the variables by link or use a form with a method=“get”, then you will find your variables in the $_GET array, but if you use a form with a method=“post”, then you will find the variables in the $_POST array.

You should always make sure that your variables are what you expect them to be, meaning an integer is actually an integer and so on. Before you do this:


$id = $_GET['id'];

$sql = "SELECT * FROM equipment WHERE id='$id'";

You want to make sure that the variable doesn’t contain a harmful string. mysql_real_escape_string is a good function, but feel free to use more stringent variable checks if you expect a variable to be an integer specifically or one of a group of possibilities.