0

I have this code:

 <a href="printable.php?job_numb=<?=$job_numb;?>"
target="new" style="color: #666 !important">
<p><?php echo $job_numb;?></p></a>

Which passes the $job_numb variable to the URL page. The page picks up the $job_numb and does this:

 <?php
    if( $_SERVER['REQUEST_METHOD']=='GET' && isset( $_GET['job_numb'] ) ){
    $job_numb = filter_input( INPUT_GET, 'job_numb', FILTER_SANITIZE_STRING );
    }
 $servername = "localhost";
 $username = "xxxxx";
 $password = "xxxxx";
 $dbname = "jobs_users";

 $conn = mysqli_connect($servername, $username, $password, $dbname);

 if (!$conn) {
   die("Connection failed: " . mysqli_connect_error());
 }
 $sql = "SELECT * FROM jobs_canjobs WHERE job_numb = $job_numb";
     $job_name = $_GET['job_name'];
     $comments = $_GET['comments'];
     $due_date = $_GET['due_date'];
     $attachment1 = $_GET['attachment1'];
     $requestor = $_GET['requestor'];
     $req_email = $_GET['req_email'];
     $Property = $_GET['Property'];
     $assignee = $_GET['assignee'];
     $assign_email = $_GET['assign_email'];
     $AE = $_GET['AE'];
 $results = mysqli_query($conn, $sql);
 ?>

Which then SHOULD check if $job_numb = job_numb then load these variables. However, it is not showing anything.

I HAD all of the variables passing through the <a href but then special characters were mucking up the security and giving a 406 error. I believe this is probably a more secure option, but I am not getting something right.

Am I missing a step? Thank you.

Improve this question
13
  • You never execute the SQL statement Commented Jan 3, 2017 at 20:41
  • The one that parses the job_numb? Commented Jan 3, 2017 at 20:43
  • or this: $results = mysqli_query($conn, $sql); Commented Jan 3, 2017 at 20:43
  • What do you get when you var_dump($results); in the end? Commented Jan 3, 2017 at 22:31
  • 1
    @SeanRawles, yeah, since the POST method sends the data in a separate data stream rather than as a URL I was thinking that POST might allow the special characters. However, I agree, it is much safer and cleaner to pull the data from the database. Commented Jan 3, 2017 at 23:46

2 Answers 2

Reset to default
2

I guess you are trying to do something like this:

$sql = "SELECT * FROM jobs_canjobs WHERE job_numb = $job_numb";
$results = mysqli_query($conn, $sql);
if ($row = mysqli_fetch_array($results)){
     $job_name = $row['job_name'];
     $comments = $row['comments'];
     $due_date = $row['due_date'];
     $attachment1 = $row['attachment1'];
     $requestor = $row['requestor'];
     $req_email = $row['req_email'];
     $Property = $row['Property'];
     $assignee = $row['assignee'];
     $assign_email = $row['assign_email'];
     $AE = $row['AE'];
}else{
     echo 'no records found';
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

this was it! Incorrect order and a missing IF. Thank you @NiloVelez
1

From http://php.net/manual/en/mysqli.query.php

"Return Values ¶

Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE."

So you need to use mysql_fetch_array() or similar on the result to get data

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.