I am working on some functionality where having performed an initial search, a subset of profile details are being displayed. This works fine.
There is then a link called 'View Full Profile' which if clicked should return the entire profile.
I have got this working with a hardcoded id, but am not sure how to pass in the id of the profile from the subset of information?
I don't actually know if that value (the id of the profile) is currently available for me to access so that I can pass it in, if that makes sense?
In the subset of profile details I have included a hidden field which does contain the id I would like to pass in but I'm not sure if this can be used?
The relevant code is posted below.
SUBSET-PROFILE.HTML.PHP
<div id="Profile" class="Profile" >
    <h1 class="margin-top">Search Results</h1>
    <?php if (isset($results)): ?>
        <?php foreach ($results as $result): ?>
            <ol class="coach-display">
                <li class="left image">
                    <img src="<?php if (!empty($result['filename'])) echo('?action=view&id=' . $result['id']); else echo "/img/profile_coming_soon.jpg" ?>" width="80" height="80" />
                </li>
                <li class="listleft">First Name:</li>
                <li><?php htmlout($result['firstname']); ?></li>
                <li class="listleft">Last Name:</li>
                <li><?php htmlout($result['lastname']); ?></li>
                <li class="listleft">Constituency:</li>
                <li><?php htmlout($result['constituency']); ?></li>
                <li class="listleft">Qualifications:</li>
                <li><?php htmlout($result['qualifications']); ?></li>
            </ol>
            <input type="hidden" name="id" value="<?php htmlout($result['id']); ?>">
            <a href="?more">View full profile</a>
        <?php endforeach; ?>
    <?php endif; ?>
</div>
INDEX.PHP
if (isset($_GET['more']))
{
    try
    {
        $sql = "SELECT id, firstname, lastname, area, county, constituency, qualifications, bio, monday, tuesday, wednesday, thursday, friday, saturday, sunday,
            filename, mimetype
            FROM pt
            WHERE id = 6";
        $s = $pdo->query($sql);
    }
    catch (PDOException $e)
    {
        $error = 'Error fetching pt details.' . $e->getMessage();
        include 'profiles.html.php';
        exit();
    }
}
You can see in INDEX.PHP where I have hard coded the value to 6. This is the value that I need to be dynamic dependent on which profile subset was previously being viewed.
Thanks for your time and help on this.
Change
<a href="?more">View full profile</a>
to
<a href="?more&id=<?php htmlout($result['id']); ?>">View full profile</a>
Now you can get the id value using $_GET['id']
..
There are many ways to do this, but the simplest is probably passing the id in the URL:
<a href="?more&id=<?php htmlout($result['id']); ?>">View full profile</a>
I assume the ID will come from GET param as well.
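if (isset($_GET['more']))
{
    try
    {
        // The ? placeholder keeps the id out of the SQL text; it is bound at execute()
        $sql = "SELECT id, firstname, lastname, area, county, constituency, qualifications, bio, monday, tuesday, wednesday, thursday, friday, saturday, sunday,
            filename, mimetype
            FROM pt
            WHERE id = ?";
        $sth = $pdo->prepare( $sql );
        $sth->execute(array( $_GET['id'] ));
        $s = $sth->fetchAll();
    }
    catch (PDOException $e)
    {
        // Same error handling as the block in the question
        $error = 'Error fetching pt details.' . $e->getMessage();
        include 'profiles.html.php';
        exit();
    }
}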
Notice I used different PDO functions. You need variable binding to avoid SQL injections (or good filtering).
More details at http://php.net/manual/en/pdo.prepare.php
P.S. Try to abstract your input. Never use $_GET, $_POST, $_COOKIE etc. directly in your logic.
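An added example, not code from either answer: one way to combine the last answer's two points, reading the id through a validating helper instead of touching $_GET in the query logic, and binding it as an integer. It assumes the pdo_sqlite extension is available; requested_profile_id and fetch_profile are hypothetical helper names, and the table rows and request arrays are constructed.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not code from the original posts.

/** Return the requested profile id as a positive int, or null if absent or invalid. */
function requested_profile_id(array $query): ?int
{
    if (!isset($query['id']) || !is_scalar($query['id'])) {
        return null;
    }
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Fetch one profile row using a bound integer parameter; null when no row matches. */
function fetch_profile(PDO $pdo, int $id): ?array
{
    $sth = $pdo->prepare('SELECT id, firstname, lastname, constituency FROM pt WHERE id = :id');
    $sth->bindValue(':id', $id, PDO::PARAM_INT);
    $sth->execute();
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed data: an in-memory SQLite table stands in for the real pt table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pt (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, constituency TEXT)');
$pdo->exec("INSERT INTO pt VALUES (6, 'Ann', 'Example', 'North'), (7, 'Bob', 'Sample', 'South')");

// Constructed requests, shaped the way $_GET would look for "?more&id=...".
$requests = [
    ['more' => '', 'id' => '6'],         // the link from the search results
    ['more' => '', 'id' => '6 OR 1=1'],  // not an integer: rejected before any SQL runs
    ['more' => '', 'id' => ['6']],       // ?id[]=6 arrives as an array: rejected
    ['more' => ''],                      // id missing
    ['more' => '', 'id' => '999'],       // valid integer, but no such profile
];

foreach ($requests as $query) {
    $id = requested_profile_id($query);
    $profile = $id === null ? null : fetch_profile($pdo, $id);
    $name = $profile ? $profile['firstname'] . ' ' . $profile['lastname'] : 'no profile';
    printf("%-12s => %s\n", json_encode($query['id'] ?? null), $name);
}
```

In the real page, index.php would call requested_profile_id($_GET) once and treat a null result the same way as a missing profile.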