URL Parameter Issue

MickySkins

Hi everyone, although i have used this site many times before this is my first time posting so i am a complete n00b to the forum!

I apologise in advance if i make this sound more complex than it is, but i have been stuck in an attempt to create an array using url parameters. I have a database using MySQL, which holds multiple tables that contain exactly the same structure but with different content of course. My aim is to create url parameters so that i can pull information from the database like so: http://.../article.php?tbl=(table name)&id=(id no.). So far i am only able to call the id numbers from one table at a time, and after a crazy amount of days and attempts of concatenating different queries, i cannot manage to incorporate all the table names from the database into the parameter!

I also have a function designated to display the column 'articleTitle' contained in the tables, which currently acts as a menu, and when selected the column 'articleContent' for that id row is displayed as '.php?tbl=&id=3'. Thus missing the table name.

Any help with this would be very much appreciated and would well and truly save my arse. The php is as follows . . .

File: functions.php

<?php
require_once ("config.php");

// Function which displays the entire list of articles, linking each article to its single
function global_nav() 
{
	$conn = connect(); // DB Connector
	$sql = "SELECT * FROM $dbname";
	$result = mysql_query($sql);

	if(!$result) 
	{
		echo "DB Error, could not process menu items.<br/>MySQL Error: ".mysql_error();
		exit;
	}
	while($row=mysql_fetch_array($result)) 
	{
		$id = $row['id'];
        $table_name = // Something which i do not know
		echo '<li><a class="global" href="article.php?tbl='.$table_name.'&id='.$id.'">'.$row['articleTitle'].'</a></li>';	
	}
closeconnection($conn);
}

// Retrieves articles 
function displayArticle($id) 
{
	$conn = connect(); // DB Connector

$sql = "SELECT * FROM $table_name WHERE id='$id'";
$result = mysql_query($sql);

	if($result) 
	{
		$row = mysql_fetch_assoc($result);
		$articleinfo[] = $row;
	}
return $articleinfo;
closeconnection($conn);
}
?>

File: article.php

<?php
require_once("../include/functions.php");

// Displays the articles. 
global_nav(); // This is actually contained in html div tags but have been removed for this post

$id=$_GET['id'];

if(isset($id)) 
{ 
	$info = displayArticle($id);
	foreach($info as $key) 
        {
		echo '<h1>'.$key["articleTitle"].'</h1>';
		echo '<p>'.$key['articleContent'].'</p><br /><br />

	<a class="cms" href="insertarticle.php">Add New</a><br />';
}
}
else
	echo "No article selected";
?>

Many thanks in advance!

coldwerturkey

why would you have multiple tables with the same structure for just articles? unless you had 10 billion entries it seems unnecessary.

MickySkins

coldwerturkey;10914794 wrote:
why would you have multiple tables with the same structure for just articles? unless you had 10 billion entries it seems unnecessary.

Thanks for responding! The reason being is that it is part of a content management system that contains data for different users but is run through the same template. So i have features that allow users to login and edit their own content for their 'website', and i figured placing different user's content into separate tables was the most efficient way of achieving a manageable site and database.

coldwerturkey

MickySkins;10914797 wrote:
Thanks for responding! The reason being is that it is part of a content management system that contains data for different users but is run through the same template. So i have features that allow users to login and edit their own content for their 'website', and i figured placing different user's content into separate tables was the most efficient way of achieving a manageable site and database.

I may be wrong from inexperience, or being to ignorant to understand the question; but wouldn't it be more efficient having a 'user_id' column in a single table, where you can then just start the page by assigning something like a session to the specific ID of the currently-being-viewed 'website' and use that as your main argument in the query(s),

MickySkins

coldwerturkey;10914798 wrote:
I may be wrong from inexperience, or being to ignorant to understand the question; but wouldn't it be more efficient having a 'user_id' column in a single table, where you can then just start the page by assigning something like a session to the specific ID of the currently-being-viewed 'website' and use that as your main argument in the query(s),

Possibly, but personally i would most like to keep different tables for different users, simply due to the range of content being processed by users and also because of the way i have designed and built my admin area to control and manage users and their table containing their content.

harmor

Let's look at this function

function global_nav()
{
    $conn = connect(); // DB Connector
    $sql = "SELECT * FROM $dbname";
    $result = mysql_query($sql);

    if(!$result)
    {
        echo "DB Error, could not process menu items.<br/>MySQL Error: ".mysql_error();
        exit;
    }
    while($row=mysql_fetch_array($result))
    {
        $id = $row['id'];
        $table_name = // Something which i do not know
        echo '<li><a class="global" href="article.php?tbl='.$table_name.'&id='.$id.'">'.$row['articleTitle'].'</a></li>';    
    }
closeconnection($conn);
}

I'm assuming the variable $dbname is coming from "config.php." When you have a variable coming from an outside source you need to use globals.

function global_nav()
{
    global $dbname;

$conn = connect(); // DB Connector
$sql = "SELECT * FROM $dbname";
$result = mysql_query($sql);

    if(!$result)
    {
        echo "DB Error, could not process menu items.<br/>MySQL Error: ".mysql_error();
        exit;
    }
    while($row=mysql_fetch_array($result))
    {
        $id = $row['id'];
        $table_name = // Something which i do not know
        echo '<li><a class="global" href="article.php?tbl='.$table_name.'&id='.$id.'">'.$row['articleTitle'].'</a></li>';    
    }
closeconnection($conn);
}

Let's look at the second function

// Retrieves articles
function displayArticle($id)
{
    $conn = connect(); // DB Connector

$sql = "SELECT * FROM $table_name WHERE id='$id'";
$result = mysql_query($sql);

    if($result)
    {
        $row = mysql_fetch_assoc($result);
        $articleinfo[] = $row;
    }
return $articleinfo;
closeconnection($conn);
}

You need to add the variable $table_name to the function's parameters - function displayArticle($id, $table_name)

In articles.php you need to change $info = displayArticle($id); to $info = displayArticle($id, $_GET['tbl']);

You code is very insecure. I suggest adding the tables that you want users access in an array.

The following code would go in articles.php

$tblarr = array('table1', 'table2', 'table3', 'table4');

if(!in_array($_GET['tbl'], $tblarr))
    die();

MickySkins

Thanks harmor for your response. You assumed right the $dbname is included in config.php and was declared as a global variable in the function but i obviously left it out when posting the code so my mistake!

Again thanks for taking the time to respond i appreciate it!