0

enter image description here

post 2 not listed? I want it to be on the list in post 2 main-post disappears while post titles loop! I couldn't figure out why and how. can you help me............................. ......

<?php
 
 
    
/* ********************************* */
// GETTING POST ID
/* ********************************* */
$icinde_id = NULL;

if (!empty($_GET['icinde_id'])) {
    $icinde_id = intval($_GET['icinde_id']); // Making sure that we received an integer ID
} else {
    echo "A post ID must be provided!";
    die;
}

/* ********************************* */
// FETCHING THE POST
/* ********************************* */

$main_post = mysqli_query(
    $db_connection,
    "SELECT * FROM icindekiler WHERE icinde_id=$icinde_id"
);

$main_post_data = NULL; // Will become the associative array

if (mysqli_num_rows($main_post) === 1) {
    $main_post_data = mysqli_fetch_assoc($main_post); 
} else {
    echo "Post not found";
    die;
    
}

/* ********************************* */
// FETCHING RELATED POSTS
/* ********************************* */
$icinde_kitap_id = $main_post_data['icinde_kitap_id'];

$related_posts_query = "
SELECT
    *
FROM
    icindekiler
WHERE
    icinde_kitap_id = $icinde_kitap_id
    AND
    icinde_id != $icinde_id
";
$related_posts = mysqli_query(
    $db_connection,
    $related_posts_query
);

$related_posts_data = [];

if (mysqli_num_rows($related_posts) > 0) {
    $related_posts_data = mysqli_fetch_all($related_posts, MYSQLI_ASSOC);
    
}

/* ********************************* */
// THE END
/* ********************************* */
 //print_r($main_post_data);
 //echo "<pre>";
//print_r($related_posts_data);
?>

This is how the for loop works...

  <?php  foreach ($related_posts as $row) {?>
     <?php  echo $row["icinde_baslik"] ;?> 
 <?php }  ?>

But I couldn't get the main-post title to be in the list.

What should be done to achieve this?

Şerif Arat
  • 13
  • 3
  • 2
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Nov 18 '22 at 14:25
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Nov 18 '22 at 14:25
  • 1
    `I couldn't get the main-post title to be in the list`...well obviously, because it's explicitly not part of the `$related_posts` data (as per the `AND icinde_id != $icinde_id` in the `WHERE` clause of your second query). So if you want to include it, just add an extra `echo $main_post_data["icinde_baslik"]` in the place where you want it to appear. – ADyson Nov 18 '22 at 14:27
  • thenks @adyson, I will take that into account. – Şerif Arat Nov 18 '22 at 14:29
  • that worked thanks but how do I get it to be in the list? – Şerif Arat Nov 18 '22 at 14:32
  • Well how about putting the echo inside the HTML necessary to make a list item? Same as you (presumably) do for the $related_posts data – ADyson Nov 18 '22 at 14:36
  • yes, loop through the same list – Şerif Arat Nov 18 '22 at 14:37
  • Or, unless you really _need_ to keep the "related posts" data separate for some other purpose in another part of your script, you could get it to just output the main post in the same dataset? I can't see your database obviously, but I think `SELECT * FROM icindekiler WHERE icinde_kitap_id = $icinde_kitap_id OR icinde_id = $icinde_id` would probably work for that. – ADyson Nov 18 '22 at 14:39

1 Answers1

0

You are explicitly excluding the main post from the $related_posts data - as per the AND icinde_id != $icinde_id in the WHERE clause of your second query.

Unless you really need to keep the "related posts" data separate for some other purpose in another part of your script, you could get it to just output the main post in the same dataset.

I can't see your database obviously, but I think

SELECT * FROM     
icindekiler 
WHERE     
  icinde_kitap_id = $icinde_kitap_id     
  OR icinde_id = $icinde_id

would work for that

** Obviously please adjust the above to prevent SQL injection and related problems by parameterising the input variables.

ADyson
  • 57,178
  • 14
  • 51
  • 63