I have a display page pulling from a database. With that I have a display function. I have everything working correctly, but I want to change the variable that is visible at the end of the URL, now it is from the 'id' column in my database and I would like it to be from the 'name' column.
This is my display function (included in another file)
public function __construct($rid, $table) {
/* Connect to Database */
require('dbinfo.php');
//$table=$this->table; // Choose Table Optional
$link = mysql_connect($databaseip,$username,$password);
mysql_select_db($database,$link);
$query = "SELECT * FROM $table WHERE rid=$rid";
$result=mysql_query($query);
$this->result = $result;
mysql_close($link);
And the Get PHP in the header of the display page is as follows:
<?php
$rid = $_GET['r'];
require('func/recipe.php');
// Recipe Display Function
if (isset($_GET['r'])) {$recipe = new recipeObject($rid,'my table name');} else {
header('location: SET URL');
}
?>
And my database structure looks like this - https://www.dropbox.com/s/rfga1vl8miqcd9s/database.png?dl=0
So I missed this big time the first time around. My apologies. Here is what I found to work for the query portion. And should help with SQL Injections.
$termSafe = mysql_real_escape_string($rid);
$query = "select * FROM $table WHERE (name LIKE '$termSafe')";