
Alex Flores
7,864 Points

Understanding _GET and security?

I'm confused with the _GET portion of this video. This is the way I understand it:

When a user clicks on a book/movie/cd they are next redirected to the details.php file. The user is then _GETting the id of the clicked book/movie/cd. Once it has retrieved its id, then it can request the necessary information from within the database? Is that right?

This doesn't make a whole lot of sense to me, because the link is already in the href tag of each book/movie/cd, so what is the point of retrieving the id?

Martin Park
12,792 Points

You need to retrieve the id so that you can use that id to display the relevant data from the database. If you do not retrieve it, the user would not see the data from the database.

1 Answer

We get the "id" from the catalog.php file.

The catalog.php file has this line at the beginning:

$catalog = full_catalog_array();

And this code block nested in a <ul> element:

foreach($categories as $id){
    echo get_item_html($id, $catalog[$id]);
}

The function "get_item_html" (which is found in the functions.php file) has this code block:

function get_item_html($id, $item){
    $output = "<li><a href='details.php?id="
        . $item["media_id"] . "'><img src='" 
        . $item["img"] . "' alt='" 
        . $item["title"] . "'/>"
        . "<p>" . $item["title"] . "</p>"
        . "</a></li>";
    return $output;
}

So basically, the "full_catalog_array" function (which is a query of media_id, title, category, img from the database) is stored in the $catalog variable, which is then passed on to the "get_item_html" function via "$catalog[$id]" in the foreach loop.

Then the "$catalog[$id]" is the same as the parameter "$item" in the "get_item_html" function, which retrieves the "media_id" via the line "$item["media_id"]" in "href='details.php?id=".

The catalog.php shows the full catalog pictures/items. These pictures now have their respective "id".

When you click on a picture/item, you are accessing the details.php file. In it, you are executing this block of code:

if(isset($_GET["id"])){
    $id = filter_input(INPUT_GET, "id", FILTER_SANITIZE_NUMBER_INT);
    $item = single_item_array($id);
}

Which means that if an "id" (which was retrieved using the $_GET method) is set, the filtered "id" gets stored in the $id variable. This variable is then passed on to the single_item_array function (which queries all the details of that item), and the result is stored in the $item variable. The $item variable is then rendered using the HTML code from the previous lessons.

SUMMARY: $_GET gets the "id" from...

    $output = "<li><a href='details.php?id="
        . $item["media_id"] . "'><img src='" 
        . $item["img"] . "' alt='" 
        . $item["title"] . "'/>"
        . "<p>" . $item["title"] . "</p>"
        . "</a></li>";
    return $output;

Tip: In the catalog.php file, try to do a var_dump right after the line "$catalog = full_catalog_array();". You'll see an array of the items in your database with their correct media_id.
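As an added example (not the course's code and not part of the answer above), the following stand-alone script follows the id from the catalog link to details.php and shows what FILTER_SANITIZE_NUMBER_INT does to a tampered query value. The catalog array, the Media table, the escaped get_item_html_escaped() and the prepared-statement single_item_array() are all constructed for this illustration.

```php
<?php
// Added example, not the course's code: traces the "id" from the catalog link
// to details.php and compares sanitizing with validating the value.

// Constructed sample of what full_catalog_array() returns, keyed by media_id.
$catalog = [
    5 => ["media_id" => 5, "title" => "Sample Book", "img" => "book.png"],
];

// Same shape as the course's get_item_html(): media_id becomes ?id=...
// Output is escaped here so a title containing quotes cannot break the markup.
function get_item_html_escaped(int $id, array $item): string {
    $title = htmlspecialchars($item["title"], ENT_QUOTES, "UTF-8");
    $img   = htmlspecialchars($item["img"], ENT_QUOTES, "UTF-8");
    return "<li><a href='details.php?id=" . (int) $item["media_id"] . "'>"
         . "<img src='$img' alt='$title'/><p>$title</p></a></li>";
}

// details.php side: filter_var applies the same filters that
// filter_input(INPUT_GET, "id", ...) does, so this runs from the CLI.
function sanitized_id(string $raw) {
    return filter_var($raw, FILTER_SANITIZE_NUMBER_INT);   // strips non-digit chars
}
function validated_id(string $raw) {
    return filter_var($raw, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
}

// Hypothetical single_item_array(): binding $id as a parameter means the
// database receives it as a value, never as part of the SQL text.
function single_item_array(PDO $db, int $id): ?array {
    $stmt = $db->prepare("SELECT media_id, title FROM Media WHERE media_id = :id");
    $stmt->bindValue(":id", $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed in-memory table standing in for the course database.
$db = new PDO("sqlite::memory:");
$db->exec("CREATE TABLE Media (media_id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO Media VALUES (5, 'Sample Book')");

echo get_item_html_escaped(5, $catalog[5]), "\n";
foreach (["5", "5 OR 1=1", "-7", "abc"] as $raw) {        // constructed query values
    printf("%-12s sanitize=%-6s validate=%s\n", var_export($raw, true),
        var_export(sanitized_id($raw), true), var_export(validated_id($raw), true));
}
var_dump(single_item_array($db, 5));
```

FILTER_SANITIZE_NUMBER_INT only removes characters other than digits, plus and minus, so a tampered value such as `5 OR 1=1` still comes back as a numeric string (`511`) that would load the wrong record, while FILTER_VALIDATE_INT rejects it outright. Either way, it is the prepared statement in single_item_array(), not the filter, that keeps the id from being interpreted as SQL.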