0

Ok so I basically have generated a list of links that use forms to send a variable to PHP that would allow me to load different things on the next page from each link. However, each link seems to only request the same data from the database each time. the PHP version I'm using is version 5.3.14.

Here is the first page's php code:

    <?php
        //DATABASE CONNECTION

        $News=mysql_query("SELECT * FROM Tutorial");
        while($row=mysql_fetch_array($News))
          {
            printf("<div class='NewsItem'><div class='title'>%s</div><form enctype='multipart/form-data' action='tutorial.php' method='post'><input type='hidden' name='tutorial' value='%s'/><input type='submit' name='submit' value='%s' id='hyperlink-style-button'/></div>", $row['Title'], $row['Title'], $row['Title']);
          }
        ?>

And here is the second page's php code which I want the forms to allow me to display a different thing from each link

<?php
    //DATABASE CONNECTION

    $Tutorial=$_POST['tutorial'];
    $query="SELECT * FROM Tutorial WHERE Title='$Tutorial'";
    $News=mysql_query($query);
    while($row=mysql_fetch_array($News))
      {
        printf("<div class='NewsItem'><div class='title'>%s</div>%s</div>", $row['Title'], $row['Tutorial']);
      }
     unset($_POST['tutorial']);
     unset($Tutorial);
    ?>

Any ideas on how to stop it from always using the same data no matter which link is clicked? Also if you need to see the code in action here is the link to the first page:Example of the website

Jarod Macdonald
  • 13
  • 2
  • I think you may have been a touch quick on that submit button. you should edit to add the rest of your question. – Fluffeh Aug 31 '13 at 12:05
  • Yeah I was, sorry edited now. – Jarod Macdonald Aug 31 '13 at 12:12
  • You "believe" your PHP version is between 4 and 5? `phpinfo()` please, and know your server. – Madara's Ghost Aug 31 '13 at 12:27
  • Thanks, didn't know I could do that. – Jarod Macdonald Aug 31 '13 at 12:49
  • I'm surprized no-one has scolded you yet on the use of the "mysql_" set of functions. I was slow to let them go because they were the first ones I learned, but for security and sanity, make the change to PDO now before you form a deep emotional connection to the [deprecated](http://stackoverflow.com/questions/13944956) functions. – TecBrat Aug 31 '13 at 13:19

1 Answers1

0

you missed </form>. Try this.

printf("<div class='NewsItem'><div class='title'>%s</div><form enctype='multipart/form-data' action='tutorial.php' method='post'><input type='hidden' name='tutorial' value='%s'/><input type='submit' name='submit' value='%s' id='hyperlink-style-button'/></form></div>", $row['Title'], $row['Title'], $row['Title'])

I cannot see any other critical problems, try the following. I have removed enctype='multipart/form-data' also it is not valid to have more than 1 items with same id in a page so changed id="hyperlink-style-button" to class="hyperlink-style-button". you have to change the css accordingly. Also replaced single quotes to double quotes and added htmlspecialchars for values to not break html on quotes.

printf('<div class="NewsItem">
        <div class="title">%s</div>
        <form action="tutorial.php" method="post">
            <input type="hidden" name="tutorial" value="%s"/>
            <input type="submit" name="submit" value="%s" class="hyperlink-style-button"/>
        </form>
        </div>',htmlspecialchars($row['Title']),htmlspecialchars($row['Title']),htmlspecialchars($row['Title']));

also replace 

$Tutorial=$_POST['tutorial'];

with

$Tutorial=mysql_real_escape_string($_POST['tutorial']);

Note: Your code is prone to SQL injection attack. Please use prepared statements.

Warning: mysql extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.Please don't use mysql_* to develop new code.

Community
  • 1
  • 1
bansi
  • 55,591
  • 6
  • 41
  • 52
  • Thanks for pointing that out. But it doesn't solve the problem where each of the generated links create the same thing on page 2. – Jarod Macdonald Aug 31 '13 at 13:26