$_get and SQL

Report · Feb 03, 2023

Hi, i have problem on connecting 2 tables with $_get in SQL

First, i have shown the menu category on my website

Screen Shot 2023-02-03 at 17.04.13.png

Screen Shot 2023-02-03 at 17.03.10.png

Screen Shot 2023-02-03 at 17.03.57.png

I want to make a SQL to show the products what i clicked into the menu_category

Screen Shot 2023-02-03 at 17.05.39.png

Please check where did i do wrong in the coding.

Screen Shot 2023-02-03 at 17.07.27.png

Report · Feb 03, 2023

so when i click "clothing" on the menu, (menu_type is "A"), i want to show the products that the menu_type is "A". So basically what i GET from menu, it will become the condition of selecting the products.

Report · Feb 03, 2023

Why don't you just code the menu to return the menu_type??

<a href="whateverURL.php?category=A">Clothing</a>

<a href="whateverURL.php?category=B">Sports</a>

<a href="whateverURL.php?category=C">Disney/USJ</a>

Then:

$category = $_GET['category'];

$sql ="SELECT * FROM Products WHERE menu_type = '$category'"'

No need for table joins for this simple task.

I would advise NOT to include your php variable within the sql query, that's a security risk and open to sql injection attacks on your database. You should be using sql 'prepared statements'. Anything that a user can potentially alter through a $_GET or a $_POST input field request should never be included directly within an sql query.