How do I get the ID value from the url?

Question

I am trying to make my own forums using a tutorial. I have already fixed quite a lot of errors and I have 1 left to do.

When you post a reply on a thread it will save your reply in a MySQL database. You reply will have an int that matches with the thread id you replied on, called question_id.

I cant get my code to get the thread id from the URL bar.

These are the 2 lines of code that should do the work:

$id = $_GET['id'];

$sql2="INSERT INTO $tbl_name(question_id, a_id, a_name, a_email, a_answer, a_datetime)VALUES('$id', '$Max_id', '$a_name', '$a_email', '$a_answer', '$datetime')";

And this is the entire file add_answer.php

<?php

$host="XXXXXX"; // Host name
$username="XXXXXX"; // Mysql username
$password="XXXXXX"; // Mysql password
$db_name="XXXXXX"; // Database name
$tbl_name="XXXXXX"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Get value of id that sent from hidden field
$id = $_GET['id'];
var_dump($id);

// Find highest answer number.
$sql="SELECT MAX(a_id) AS Maxa_id FROM $tbl_name WHERE question_id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);

// $result=mysql_query($sql) or die(mysql_error());

// add + 1 to highest answer number and keep it in variable name "$Max_id". if there no answer yet set it = 1
if ($rows) {
    $Max_id = $rows['Maxa_id']+1;
}
else {
    $Max_id = 1;
}

// get values that sent from form
$a_name=$_POST['a_name'];
$a_email=$_POST['a_email'];
$a_answer=$_POST['a_answer'];

$datetime=date("d/m/y H:i:s"); // create date and time

// Insert answer
$sql2="INSERT INTO $tbl_name(question_id, a_id, a_name, a_email, a_answer, a_datetime)VALUES('$id', '$Max_id', '$a_name', '$a_email', '$a_answer', '$datetime')";
$result2=mysql_query($sql2) or die(mysql_error());

if($result2)
{
    echo "Successful<BR>";
    echo "<meta http-equiv='refresh' content='4;url=index.php?content=main_forum' />";

    // If added new answer, add value +1 in reply column
    $tbl_name2="forum_question";
    $sql3="UPDATE $tbl_name2 SET reply='$Max_id' WHERE id='$id'";
    $result3=mysql_query($sql3);

}
else {
    echo "An error as occured. Please report this to administrator. ID: FAA01.";
}

mysql_close();
?>

Answer 1

If you form is sent by post you should get the id with:

$id = $_POST['id'];

Answer 2

your $_GET[id] should be sanitized before touching mysql with it. As it stands right now you are in very real danager of an attack on your database. I suggest using PDO

It sucks to re-learn something, but if you are learning, its better to do it right.

As for your question...I don't know. I would try echo $sql2; and make sure the query looks right. Also print_r($_GET) to see your get array.

Answer 3

1. Does $_GET['id'] exist? As in, is it actually present in the URL? What is the exact URL used? Double-check there aren't any uppercase letters in the way, since you appear to mix cases a lot (tip: only use lower case letters in code)

2. Learn about addslashes and mysql_real_escape_string, otherwise someone WILL reduce your server to a melted wreck.

3. You have redundant error checking.

   $result2=mysql_query($sql2) or die(mysql_error());
   // ...
   if( $result2) {...} else {...}
   

That last bit is redundant, since if $result2 is false then it's already died.

Answer 4

You have to debug one thing at a time! You say:

I cant get my code to get the thread id from the url bar.

so the first place to look at is your browser's location bar, where the URL is. Why care about the next hundred lines of code if the first one is not right? If your thread ID is 999 and you want this code to fetch such ID:

$id = $_GET['id'];

... you need to see id=999 in the URL, after the ? symbol (which is mandatory) and before the # symbol (which is optional).

If ID is not here, you should be getting a notice:

Notice: Undefined index: id

If you don't, you haven't configured PHP properly. The simplest way is to find your php.ini file, set these directives:

error_reporting = E_ALL
display_errors = On

... and restart your web server.

Finally, learn to use var_dump().