i've currently got a php/html table which holds values generated from a query:
while($row = mysql_fetch_array($query))
{
echo "<tbody>";
echo "<tr>";
echo "<td>" . $row['disease'] . "</td>";
echo "<td>
<a href='result1.php' class='button1'>View Details</a>
<a href='#' class='button1'>Book Appointment</a>
</td>";
echo "</tr>";
echo "</tbody>"
;
What i would like to do is enable the user to click on the 'View Details' button to initiate another query (which is processed in result1.php):
$query = mysql_query("SELECT definition FROM tbl_disease WHERE disease = '" . $_GET[' $row[disease'] . "' ; ")
or die(mysql_error());
This query should get details (definition) based on table values from the previous php page. At the moment i get an error on '$_GET[' $row[disease'] .'. Im new to this so I'm unsure if this is the right way to go about it?
Any ideas would be greatly appreciated, thanks.
In result1.php you have $_GET[' $row[disease'] but in the code with
<a href='result1.php' class='button1'>View Details</a>
you don't send the GET value. Change the above to:
<a href='result1.php?disease=".$row['disease']."' class='button1'>View Details</a>
and in result1.php
$query = mysql_query("SELECT definition FROM tbl_disease WHERE disease = '".$_GET['disease']."' ; ")
To make it the right way with security just as @Dragon mentioned you should never do operations on mysql with $GET/$POST and other without proper formating.
For more info: mysql_escape_string htmlentities filter_input.
From your original code, you are trying to access a URL variable via the GET method named, but you are not passing that variable to the URL as your href doesn't include it.
Try setting a variable within the URL of your link on the first page like below:
<a href='result1.php?disease=" . $row['disease'] . "' class='button1'>View Details</a>
This will pass a variable named $disease to your result1.php page via the GET method. You would then be able to access the variable by using $_GET['disease'].
$query = mysql_query("SELECT definition FROM tbl_disease WHERE disease = '" . $_GET['disease'] . "'");
echo "<td>
<a href='result1.php?disease=".$row['disease']."' class='button1'>View Details</a>
<a href='#' class='button1'>Book Appointment</a>
</td>";
echo "</tr>";
this is how you can pass the disease but you should be more careful when you write your query you should check a bit about mysqli_real_escape_string here is the manual: http://php.net/manual/en/mysqli.real-escape-string.php there might be better ways to use but this is not bad either. hope this helped