newbies simple employee list

deregular

hi guys, im very new to php and mysql, but im pumped and wanna learn, so here is some code i wrote, my first script.
would love some feedback, its only basic, but like i said im a newbie, so id rather learn right. and you guys may have an easier way of writing it, so your feedback is appreciated.
It simply queries a db, and dishes out names as employees as links, when you click on each employee link it takes you through again, but displays the employees details.

<?php 
include"header.php"; 
require"config.php"; 

//connect to db from config.php if no connect then error. 
$cnx=mysql_connect("localhost",$dbuser,$dbpasswd); 
mysql_select_db($dbname,$cnx); 

//if you want to see employee details then display details 

if(isset($showdetails)){ 

$id=$_GET['showdetails']; 

$result=mysql_query("SELECT * FROM Employees WHERE ID=$id"); 
$row=mysql_fetch_array($result); 

$name="$row[FirstName]"; 
$surname="$row[Surname]"; 
$phone="$row[Phone]"; 
$cell="$row[Cell]"; 
$address="$row[Address]"; 
$city="$row[City]"; 
$state="$row[State]"; 
$zip="$row[Zip]"; 
$country="$row[Country]"; 

echo("<b>Name:</b> $name"." $surname<br>". 
"<b>Phone:</b> $phone<br>". 
"<b>Cell:</b> $cell<br>". 
"<b>Address:</b> $address<br>". 
"<b>City:</b> $city<br>". 
"<b>State:</b> $state<br>". 
"<b>Zip:</b> $zip<br>". 
"<b>Country:</b> $country<br>"); 

}else{ 

//else get info and print employee names as links from table Employees 

$result=mysql_query("SELECT * FROM Employees"); 

if(!$result){ 
echo("<p>Error performing query: " . "mysql error()" . "</p>"); 
exit(); 
} 
//display all employees with name and link to more details on each. 

while($row=mysql_fetch_array($result)){ 

$id=$row["ID"]; 
$firstname=$row["FirstName"]; 
$surname=$row["Surname"]; 

echo("<a href='$PHP_SELF?showdetails=$id'>"."$firstname"." $surname</a><br>"); 
} 
} 

include"footer.php"; 
?>

planetsim

Ok from a first script this is quite good.

A few improvements which will make it better

if(isset($showdetails)){

Where is $showdetails coming from. Is that the $_GET['showdetails']? if so use that.

Secondly

In your ID if your expect only numerical data instead of just

$id=$_GET['showdetails'];

use

$id=(int)$_GET['showdetails'];

That stops SQL injects as it only gets numerical data and stops anything else from being in it.

$name="$row[FirstName]";

Can be done better as this

$name=$row['FirstName'];

But what you had was good. Also you dont really need the extra variables as $name etc. Why not just use them in the echo?

Also before you output any data you should run a mysql_num_rows() to make sure that there is a record that can be returned else an error is displayed.

$PHP_SELF

use

$_SERVER['PHP_SELF']

Try to code using register_globals=off even if the server has them as on its a security risk otherwise.

Other than that you look to have a good script.

deregular

Thanks mate. This is exactly the kind of response i wanted.
A little reassurance that i was on the right track, and some great advice thrown in!
I do have couple of questions though.

if(isset($showdetails)){ 
Where is $showdetails coming from. Is that the $_GET['showdetails']? if so use that.

Im unsure what you meant by that. $showdetails=$id is part of the link that you click to go to the employee detailed page.
Then i grab the $id with the $_GET['showdetails'].
Can you explain a little more for me. thanks.

But what you had was good. Also you dont really need the extra variables as $name etc. Why not just use them in the echo?

Im not sure what you meant here either, can you show me an example.

All of the other suggestions were excellent, ive already changed it. thanks heaps for your help!🆒