Help With Php (and Mysql): Get Method (semi-advanced Question) something.com/index.php?id=howtomakethiswork

Ok...If I could find the right terminology, I might be able to figure this out on my own, but I can't seem to find anywhere how to make this very popular method work?

I've only just started using PHP (the concept wasn't hard to learn, it was figuring out how to make it run on my computer). Anyways...so what I want to do is understand how websites use http://forums.xisto.com/no_longer_exists/. I know that ASP(X) commonly utilizes this, but it is also true that PHP does too. For a general example of what I am talking about, YouTube uses the GET method to identify their video (i.e. http://forums.xisto.com/no_longer_exists/).

It is my educated guess that the script (PHP) accesses the database (mySQL), which stores the HTML code. You use the get method to send and receive the primary key of the page. The concern I have is that HTML code consists of many characters, including: ", <, >, &, #, etc (not including return characters). How do I convert/store this data, if my "educated guess" is correct? Otherwise, disregard this paragraph and tell me the solution.


Keep in mind I pretty much know or understand PHP and mySQL logic/code, and if not, I'll figure it out or ask later, so don't feel that you have to go into a long dragged out explanation for me on that end. Thanks!

Edited February 15, 2010 by Jonnyabc (see edit history)

Some useful PHP commands to strip characters away:strip_tagspreg_replacestr_replaceTry those and see which one suit you the best.

check also http://php.net/url_encode or html_entities, depending how you are handling the data

Edited February 16, 2010 by jlhaslip (see edit history)

Thanks, both of you. Although Buffalo you didn't have the simplistic answer I was exactly looking for, it gave me the solution. I think htmlentities() and html_entity_decode() is all that I really need...preg_replace() and str_replace() might do the trick too, but I don't want to spend too much time at the moment trying to figure out how to use these functions when I can pretty much do what I want with it now. And I never thought to look up the functions on the PHP website, but their documentation turned out useful after all!The only thing that I might be interested in now is figuring out how to replace line breaks in the file to "\n" and back (and I don't mean converting them to <br />'s like nl2br() does). But this is minor, and may not actually be necessary. Thanks again!

Edited February 16, 2010 by Jonnyabc (see edit history)

The method I use is both secure and very simple to use. I always create a page called functions.php and include it on every single page of my website. This contains all my custom functions which makes writing a site faster and more simple. Here is the function I use to clean up my $_POST and $_GET data, there is a second option which is true or false and this depends if you want to insert the data in to a mysql database, true if so or false if not.

function CleanUp($data, $sql) {	  $data = trim(htmlentities(strip_tags($data)));	  if ($sql == true){   	$data = mysql_real_escape_string($data);	  }	  return $data;	   }

If you are inserting data from a clients input to a mysql database then you should ALWAYS use mysql_real_escape_string(). It will prevent anyone from performing something called injection which could compromise or even destroy your database. Here's an example of how to use the above. If the data is going to be inserted in to a database:

$id = CleanUp($_GET['id'], true);

Hope that helps. Also remember to use html_entities when pulling the data back out of the database. This will remove the backslashes the real escape string function adds.

I feel like no one is still quite grasping what I want to do with my site quite yet. I want to use one standard page, with menus and footers, etc., but the individual HTML content FOR EACH PAGE will be pulled in from the database and put onto the main body area of the site/page. The database would hold several field values such as page_id, page_title, page_html. Then my site would use the GET to make it as follows: http://forums.xisto.com/no_longer_exists/ . When the code receives this, it will look up the page data in the database, pull in all of the necessary data, and place it in the proper location.

This way I only have one or two pages for the ENTIRE SITE, which will save me space due to the lack redundant data.

Edited February 16, 2010 by Jonnyabc (see edit history)

I thought that was what you were saying, but then after your response to the other posts I thought I had it wrong originally.

 

Pulling that data from the database is very inefficient indeed. It will increase your database traffic unnecesserily. What is a better method is either store the html you want pulled in seperate files or all in one php page. Here's an example of what I mean:

 

if (!isset($_GET['id'])){ ?>   <div>This is the html that is displayed if the GET variable 'id' is not set (http://forums.xisto.com/no_longer_exists/;   <?php } if ($_GET['id'] == 1){  ?>    <div>This is the html that is displayed if the GET variable 'id' is set to 1 (http://forums.xisto.com/no_longer_exists/?id=1; <?php } ?>

Or if you want it to pull a seperate page from a different folder that contains the html you want to display then instead of closing the php tag, displaying the html and then re-opening the php tag you could just replace it with the include(); function. So if the file you want to include is in a folder called includes here is what you would do:

 

if (!isset($_GET['id'])){   include('includes/noid.php');   } if ($_GET['id'] == 1){   include('includes/1.php');   }

Databases aren't designed to store whole sites in them, just the data that is used on the site. Some websites do store most of their site in the database and as a result end up paying a large fee for bandwidth and traffic usage. Also it causes the server to slow down considerably if everyone is continuously pulling your site from the database. PHP and MySQL use two seperate servers don't forget, and Apache itself is yet another server.

Hi Jonnyabc,

You may want to look at Plumi which is an Open Source Video Content Management System similar to YouTube and Google Videos.

The only HTML required to be stored is that of their template, they don't store each and every individual page. A lot of the dynamic content is gotten back from their database but still the template handles how it looks on the page.

Just take a look at the source code for http://forums.xisto.com/no_longer_exists/ and you should see how basic their page is (have to be quick though before it redirects you).

To store HTML in the database you could use base64 encoding to do it, but it should be your own trusted data and not content you have gotten from other people. From others, you must clean their content can then encode it if you like.

The database would keep track of the file informations for those videos, the get query would be sent by the database and is only a pointer to that file. The template would work on grabbing the file, and playing it in the flash player.

You may want to look at how MVC frameworks work, as I believe this would be a similar design to how YouTube and Google Videos would work.


Cheers,


MC