Known Participant
February 3, 2023
Answered

$_get and SQL


Hi, I have a problem connecting 2 tables with $_get in SQL.

First, I have shown the menu category on my website.

I want to make a SQL query to show the products for what I clicked in the menu_category.

Please check where I went wrong in the coding.

    This topic has been closed for replies.

    Known Participant
    February 3, 2023

    So when I click "clothing" on the menu (menu_type is "A"), I want to show the products whose menu_type is "A". So basically, what I GET from the menu will become the condition for selecting the products.

    osgood_Correct answer
    Legend
    February 3, 2023

    Why don't you just code the menu to return the menu_type??

    <a href="whateverURL.php?category=A">Clothing</a>
    <a href="whateverURL.php?category=B">Sports</a>
    <a href="whateverURL.php?category=C">Disney/USJ</a>

    Then:

    $category = $_GET['category'];
    $sql = "SELECT * FROM Products WHERE menu_type = '$category'";

    No need for table joins for this simple task.

    I would advise NOT to include your PHP variable within the SQL query; that's a security risk and open to SQL injection attacks on your database. You should be using SQL 'prepared statements'. Anything that a user can potentially alter through a $_GET or a $_POST input field request should never be included directly within an SQL query.
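
A prepared-statement version of the query in the answer above, as an added example that is not osgood_'s code. It assumes PHP 8 with PDO and its SQLite driver (an in-memory database with constructed rows stands in for the real one), and `productsByCategory` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: PDO + SQLite driver, constructed sample rows,
// hypothetical helper name productsByCategory().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Products (id INTEGER PRIMARY KEY, name TEXT, menu_type TEXT)");
$pdo->exec("INSERT INTO Products (name, menu_type) VALUES
    ('T-shirt', 'A'), ('Jacket', 'A'), ('Football', 'B'), ('Mickey plush', 'C')");

function productsByCategory(PDO $pdo, mixed $raw): array
{
    // ?category[]=A arrives as an array and a missing key as null;
    // only a plain string is accepted as a menu_type.
    if (!is_string($raw)) {
        return [];
    }
    // The SQL text is fixed. The request value is sent separately as a bound
    // parameter, so quotes inside it are compared as data, not parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, name FROM Products WHERE menu_type = :menu_type');
    $stmt->execute([':menu_type' => $raw]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// On the real page the call would be:
//   productsByCategory($pdo, $_GET['category'] ?? null)
// Constructed inputs: a valid code, an unknown code, a string containing
// quotes, an array, and a missing parameter.
foreach (['A', 'Z', "A' OR '1'='1", ['A'], null] as $input) {
    $rows = productsByCategory($pdo, $input);
    printf("%-20s => %d row(s)\n", json_encode($input), count($rows));
}
```

Only the first input returns rows (the two constructed menu_type 'A' products); every other input, including the one containing quotes, matches nothing.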

    Known Participant
    February 5, 2023

    Thanks for your suggestion. I have tried it, but it seems to fail.