Ask a Question Register Login

php - How to display default post with get method?

28

I want to get an id from browser and display some pictures from the database.

If there is no "display2.php?productid=" found, then I want to display default image.

How can I do that?

Here is my code;

$sql = "SELECT * FROM productlist where productid=".$_GET['productid'];
$result = $mysqli->query($sql);

    while($myRow = $result->fetch_array())
    {   
      if(null !==($_GET['productid']==$myRow["productid"])){
         echo "<img src=".$myRow["productid"].">"; 
      }
      else {
         echo "<img src="SELECT productimage FROM productlist where productid = 1;">"; 
      }

    }

Now I will make it easier to explain for you... Check this out;

  //This part works without any problem 
$sql = "SELECT * FROM productlista where productid=".$_GET['productid'];
$result = $mysqli->query($restwo);

while($myRow = $resulttwo->fetch_array())
{   
  if(null !==($_GET['productid']==$myRow["productid"])){
  echo "<img src=".$myRow["productimage"].">"; 
  }

  //This part below (that should be default) does not work...

  if (!$_GET){  
  echo "hello world"; }
88

Answer

Solution:

Asaph pointed out SQL injection. You should bind the parameter (google it), or at the minimum do this:

$defaultImage = "SELECT * FROM productlist WHERE imageSrc != '' OR IS NOT NULL ORDER BY productid DESC LIMIT 1";
// run the query, get the result, create a variable with default image...
$defaultImageSrc = ''; // what you get from the query result
$_GET['productid'] = preg_replace('#[^0-9]#', '', $_GET['productid']);
$sql = "SELECT * FROM productlist where productid=".$_GET['productid'];
$result = $mysqli->query($sql);
while($myRow = $result->fetch_array()) {
    if(!$myRow['imageSrc']) $myRow['imageSrc'] = $defaultImageSrc;
    echo '<img src="'.$path.'">';
}
944

Answer

Solution:

If you want either$_GET['productid'] or themax(productid) when$_GET['productid'] is not set, you can use a ternary to change your sql query

$productid = ! empty($_GET['productid']) ? " WHERE productid = ".(int)$_GET['productid'] : " ORDER BY productid DESC LIMIT 1";

$sql = "SELECT * FROM productlist".$productid
$result = $mysqli->query($sql);

    while($myRow = $result->fetch_array())
    {   
         echo "<img src=".$myRow["productimage"].">"; 

    }

so ifisset($_GET['productid']) your query would be

SELECT * FROM productlist WHERE productid = (int)$_GET['productid']

but if not the default would be 

SELECT * FROM productlist  ORDER BY productid DESC LIMIT  1

People are also looking for solutions to the problem: Sending a var from php to javascript doesn't work

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.