2

I am trying to display every job record in my database and when a user clicks on a record, it will go on to display the job description for that record on a new page.

At my current state I've managed to display every job, clicking on them will direct the user to the "showjob.php?id=". My problem is that it isn't displaying information for my job.

Page with list of jobs: THIS WORKS

$results = $pdo->query('SELECT * FROM jobs');
foreach ($results as $row) {
    echo '<a class="job_listing_href" href="showjob.php?id="' . $row['job_id'] . '><div id="job_listing">' . $row['job_title'] . '   ' 
            . $row['cat_job'] . '</div><br/><br/>';
}

Page with individual job information:

    $pkey = mysql_real_escape_string($_GET['job_id']);
    $sql = "SELECT * FROM jobs WHERE job_id='$pkey'";
    foreach ($results as $pdo) {
        echo '<div id="job_listing">' . $row['job_title'] . '   ' . $row['cat_job'] . '</div><div id="job_listing_content">' . $row['job_desc'] . 
        '</div>';
    }

It isn't related to my job_desc as I can implement it to my previous page and it lists it just fine. My guess is that it's something to do with my $_GET but not sure.

Also as a sidenote, I'm aware my website is vulnerable to SQL injection, I'm going to fix it soon :) Can anyone provide a solution or put me on the right tracks?

Thank you to anyone spending the time helping me!

UPDATE

I have taken everyone's suggestions - thank you, but my "showjob" page still isn't displaying anything. This is my new code:

$pkey = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM jobs WHERE job_id='$pkey'";
$results = $pdo->query($sql);
foreach ($results as $row) {
    echo '<div id="job_listing">' . $row['job_title'] . '   ' . $row['cat_job'] . '</div><div id="job_listing_content">' . $row['job_desc'] .
        '</div>';
}

  • you're missing $results = $pdo->query($sql); and the foreach should loop $results as $row Commented Mar 2, 2016 at 18:50
  • Curious: Are you using mysql_ with PDO here and at the same time? and which MySQL API are you using to connect with? Commented Mar 2, 2016 at 19:05
  • @Fred-ii- I'm not sure if I understand your question, I'm quite a newb with php but I'm using PDO to connect Commented Mar 2, 2016 at 19:10
  • Simple: you can't mix MySQL APIs here. mysql_real_escape_string is a mysql_ function and you're connecting with PDO. No love. All the answers below are wrong so far. Look at the link I left you above. The question may get closed because of it. Commented Mar 2, 2016 at 19:12
  • @Fred-ii- ah I see. do you know an equivalent function I can use for PDO? Commented Mar 2, 2016 at 19:15

4 Answers

1

You're mixing MySQL APIs using mysql_real_escape_string() while being connected using PDO, so you can't use those together while connecting/querying for the same code.

  • Sidenote: You theoretically could with older versions of PHP, but as of PHP 7.0, the mysql_ API has been removed, so you definitely wouldn't be able to use it here if that were the case.

Reference: http://php.net/manual/en/function.mysql-real-escape-string.php

"This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0."

What you need to use here is a PDO prepared statement in order to escape the data, which is what you are looking to do here.

$pdo = new PDO("...");

// The key read from $_GET must match the parameter name used in the link.
if (!empty($_GET['job_id'])) {

    $pkey = $_GET['job_id'];

    // The value is bound to the :jobid placeholder, not concatenated into the SQL.
    $statement = $pdo->prepare("SELECT * FROM jobs WHERE job_id = :jobid");
    $statement->execute(array(':jobid' => $pkey));

    while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
        // echo $row['field1'].' '.$row['field2']; //etc... taken from an example, sorry.
        echo '<div id="job_listing">' . $row['job_title'] . '   ' . $row['cat_job'] . '</div><div id="job_listing_content">' . $row['job_desc'] .
            '</div>';
    }

} else {
    echo "GET is empty, check for errors.";
}

Also check for errors if you're not already doing so.

Footnotes:

I noticed you're using href="showjob.php?id yet you're using the $_GET['job_id'] array.

  • id != job_id.

That will fail you if that's what you're still using and both of those need to match.

Error reporting would have told you about that.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

Other notes:

If your server does not support the mysql_ MySQL API, then error reporting would have thrown you something similar to the following:

Fatal error: Call to undefined function mysql_real_escape_string()...


1 Comment

@FirstOne Good. I won't have to give it a bold typeset then ;-) Edit: hey... where'd you go? lol
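
The prepared-statement approach from the answer above, carried through both pages, as an added example that is not code from the asker or the answerer. It assumes the pdo_sqlite driver and uses an in-memory SQLite table with constructed rows in place of the asker's MySQL database; the helper names e, job_link, find_job and job_html are hypothetical. It goes slightly beyond the answer by placing the id inside the href quotes (the question's link closes the quote before the id is appended) and by HTML-escaping everything that is echoed.

```php
<?php
// Added example: constructed schema and rows; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface query errors
$pdo->exec('CREATE TABLE jobs (job_id INTEGER PRIMARY KEY, job_title TEXT, cat_job TEXT, job_desc TEXT)');
$pdo->exec("INSERT INTO jobs VALUES (1, 'Plumber', 'Trades', 'Fix <pipes> & boilers'),
                                    (2, 'Tester', 'IT', 'Break things safely')");

// Escape a value for use in HTML text or a quoted attribute.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Listing page: the id sits inside the href quotes and the <a> is closed.
function job_link(array $row): string {
    $href = 'showjob.php?' . http_build_query(['id' => $row['job_id']]);
    return '<a class="job_listing_href" href="' . e($href) . '">'
         . e($row['job_title']) . ' ' . e($row['cat_job']) . '</a>';
}

// Detail page: same key as the link ("id"), integer check, then a bound parameter.
function find_job(PDO $pdo, array $get): ?array {
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // id missing or not an integer
    }
    $stmt = $pdo->prepare('SELECT * FROM jobs WHERE job_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function job_html(?array $row): string {
    if ($row === null) {
        return '<p>Job not found.</p>';
    }
    return '<div class="job_listing">' . e($row['job_title']) . ' ' . e($row['cat_job']) . '</div>'
         . '<div class="job_listing_content">' . e($row['job_desc']) . '</div>';
}

foreach ($pdo->query('SELECT * FROM jobs') as $row) {
    echo job_link($row), "\n";
}
// Constructed query-string arrays standing in for $_GET.
foreach ([['id' => '1'], ['job_id' => '1'], ['id' => "2'"], ['id' => '99']] as $get) {
    echo job_html(find_job($pdo, $get)), "\n";
}
```

Only the first constructed request renders a job; the mismatched key, the non-integer id and the unknown id all fall through to "Job not found."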
0

The results are not showing because you have your variable names mixed up; see the revision below. Change:

 $pkey = mysql_real_escape_string($_GET['job_id']);

to:

 $pkey = mysql_real_escape_string($_GET['id']);

Update: You are also missing: $results = $pdo->query($sql);


0

You are passing the job id parameter as id. However, when fetching the id for the specific job, you're retrieving job_id out of the $_GET superglobal. $_GET['id'] instead of $_GET['job_id'] should work.

PS: As Alex pointed out, actually issuing a query via $results = $pdo->query($sql) may also help. Followed by iterating over foreach($results as $row). Although there should only ever be one result ...


0

It seems that

foreach ($results as $pdo) {
                echo '<div id="job_listing">' . $row['job_title']

In the foreach you are using $pdo as the value name, but inside you are using $row. Use the same name and tell us. I expect it will help.
