-1

I am doing a library project to reserve books. Here, I search for a book and get the data from the database into a table using PHP. Here is the code.

```php
$sql=" SELECT DISTINCT books.isbn,books.bname,books.bauthor,books.btype FROM books WHERE CONCAT(isbn, '', bname, '', bauthor, '', btype) LIKE '%" . $search . "%' ";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc())
    {
?>
        <tr>
            <td><?php echo('<a href="bookres.php?[$bisb]='.$row['isbn'].'">'.$row['isbn'].'</a>');?></td>
            <td><?php echo $row['bname']?></td>
            <td><?php echo $row['bauthor']?></td>
            <td><?php echo $row['btype']?></td>
        </tr>
<?php
    }
} else {
    echo "0 results";
}
```

In the table, I have made the ISBN column clickable.


When I click on a book's ISBN number, I need to display the clicked ISBN number on the redirected page. On the redirected page (bookres.php), I have written the following code.

```php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$db = "vidunena";

if (mysqli_connect_error()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$bisb = "";

if(isset($_POST['bisb']))
{
    $bisb = $_POST["bisb"];
}

echo $bisb;

?>
```

However, when I click on an ISBN number, it's being redirected to the given page but the ISBN number is not echoed in it. How can I fix this?

  • Possible duplicate of [What is the difference between POST and GET?](https://stackoverflow.com/questions/3477333/what-is-the-difference-between-post-and-get) – Patrick Q Feb 08 '19 at 20:59
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Feb 08 '19 at 21:35

1 Answer

2
  1. Your link is wrong, the parameter must be named exactly how you're going to use it on the target page. So it should be `echo('<a href="bookres.php?bisb='...)`

  2. You are using `$_POST[]` instead of `$_GET[]`. See [What is the difference between POST and GET?](https://stackoverflow.com/questions/3477333/what-is-the-difference-between-post-and-get)

Mikepote
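The two fixes from the answer combined with the parameterized query recommended in the comments, as an added example that is not code from the question or the answer. The function names `search_books`, `isbn_link` and `read_isbn`, the ISBN pattern, and the sample values are assumptions made for illustration.

```php
<?php
// Added example: function names and the ISBN pattern are assumptions.

// Search with a prepared statement: $search is bound, never concatenated.
function search_books(mysqli $conn, string $search): array
{
    // Escape LIKE wildcards so a typed "%" or "_" matches literally.
    $like = '%' . addcslashes($search, '%_\\') . '%';
    $stmt = $conn->prepare(
        "SELECT DISTINCT isbn, bname, bauthor, btype FROM books
         WHERE CONCAT(isbn, '', bname, '', bauthor, '', btype) LIKE ?"
    );
    $stmt->bind_param('s', $like);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // requires mysqlnd
}

// Table cell for the results page: the query parameter is literally "bisb".
function isbn_link(string $isbn): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $href = 'bookres.php?' . http_build_query(['bisb' => $isbn]);
    return '<a href="' . $h($href) . '">' . $h($isbn) . '</a>';
}

// bookres.php: a clicked link is a GET request, so pass $_GET here.
// Returns null unless the value looks like an ISBN (assumed format:
// 10 to 17 characters of digits, hyphens, or a trailing X check digit).
function read_isbn(array $query): ?string
{
    $bisb = $query['bisb'] ?? null;
    if (!is_string($bisb) || !preg_match('/^[0-9-]{9,16}[0-9Xx]$/D', $bisb)) {
        return null;
    }
    return $bisb;
}

// Constructed sample values; this part runs without a database.
foreach (['978-0-13-468599-1', '<b>"not an isbn"</b>'] as $sample) {
    echo isbn_link($sample), "\n";
    var_dump(read_isbn(['bisb' => $sample]));
}
```

On bookres.php the value returned by `read_isbn($_GET)` should still go through `htmlspecialchars()` when it is echoed, and the other table cells (`bname`, `bauthor`, `btype`) need the same escaping as the ISBN.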