Adding an sql query to the end of a wordpress permalink?

Ok….so I created a new wordpress theme and I still can’t get my custom code to work.

I want to be able to have a page which will output a list of items from the database, each item will have this URL format:

www.site.com/category/subcategory/?id=XX

The ?id=XX query should be at the end of the URL and will direct the user from the category page to the subcategory page showing specific data about the item with the XX id.

Each item in the list is wrapped in an tag in the category template page and the subcategory page uses $_GET. I’ve got one wordpress theme that works but on my other site, I use a different theme and it doesn’t work. If a user clicks on an item in the list, the user gets directed to the subcategory page without the sql string attached. I’m not sure what to put in the functions.php file in wordpress (or whatever the file is called that handles functions) or in the htaccess. Any help is appreciated.

Update:

@Niels – I didn’t make the code…I had two people make the code for me. Neither of them are professional coders but they got it to work so that’s all I cared about. My website has never been hacked before but I need to find out how to get the code to work myself since the two guys who created the code are busy nowadays. Yea, I’ve been told about the sql injection.

I’ve got php code on the category page (http://www.mysite.com/category) that defines variables that will be used in the code, connects to the database, queries the database table, and then selects and outputs the items in the database table using the id of the item. The code uses a while loop to output the items so that the category page is basically a directory of items. Each item that gets outputted is outputted in this format: $itemname. Like I said, the code already defines these variables at the very beginning so the sql query already knows what to look for.

When a user clicks on any item in the category page, the link should take them to the item’s profile page, which is basically the subcategory page (i.e. http://www.mysite.com/category/subcategory/). So let me be clear: when a user CLICKS on an ITEM in the CATEGORY PAGE, the user should be directed to the item’s profile page, which is basically the SUBCATEGORY PAGE. This is where the /?id=$id part comes in. During the transition phase from category page to subcategory page, the query string should attach itself to the URL and the subcategory page will output data based on the data that is in the database for that specific item.

For instance, if a user clicked on a link such as this: www.mysite.com/category/subcategory/?id=12, the user should be directed to the profile page of the item with the id of 12. The profile page, which is the subcategory page in our case, should output data for the item in the database that has the id of 12. That’s how it should work. The subcategory page, or item profile page, will have a $_GET code so that it knows what data it is supposed to output.

2 comments

  1. Revised Answer

    Look into WordPress’ Rewrite API. It’s definitely the more “correct” way of doing this.

    Original Answer

    Instead of using a URL query, try something like:

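    // URL: http://blahblahblah.com/category/pagetitle/15
    
    // Work on the path only, so a trailing query string cannot end up in a segment.
    $path = (string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    // '#' is the regex delimiter here, so '/' needs no escaping in the class.
    preg_match_all('#[^/]+#', $path, $matches);
    // The third path segment is the item ID; the cast keeps it an integer.
    $item_id = isset($matches[0][2]) ? (int) $matches[0][2] : 0;
    
    echo 'Do whatever you want with Item ID ' . $item_id;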
    
  2. If a user clicks on an item in the list, the user gets directed to the
    subcategory page without the sql string attached.

    What do you mean exactly with “sql string”?

    Could you describe, as concretely as possible, what links you have, examples and what page they should direct to and what those pages should do?

    Also: I get the feeling you’re a little out of your depth here and you’re doing stuff with the database based on parameters from the URL. You should know that manipulating URL parameters to gain access to a database is a real easy way to hack a site. Please read a little bit about SQL Injection and how to prevent it.
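
The risk raised in the comment above, as an added example that is not part of the original thread: the first function builds the query from the raw `?id=` value, the second validates the value as an integer and binds it as a parameter. It uses PDO with an in-memory SQLite table so it runs stand-alone; the table, columns and sample values are constructed for illustration, and inside WordPress the equivalent of the bound query is `$wpdb->prepare()` with a `%d` placeholder.

```php
<?php
// Added example: constructed in-memory data, hypothetical table and column names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, notes TEXT)');
$db->exec("INSERT INTO items VALUES (12, 'Widget', 'public'), (13, 'Gadget', 'hidden draft')");

// Risky pattern: the raw ?id= value becomes part of the SQL text, so the
// visitor, not the developer, decides what the WHERE clause says.
function find_item_concat(PDO $db, string $rawId): array
{
    return $db->query("SELECT id, name FROM items WHERE id = $rawId")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: accept only a positive integer, then bind it as a
// parameter so it can only ever be compared as data.
function find_item_safe(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a valid item id: treat as "not found"
    }
    $stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-ins for $_GET['id'].
foreach (['12', '12 OR 1=1', 'abc'] as $rawId) {
    try {
        $concat = count(find_item_concat($db, $rawId)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    $safe = find_item_safe($db, $rawId);
    // Escape anything read from the database before it goes into a page.
    printf("%-12s concat: %-9s safe: %s\n", $rawId, $concat,
        $safe ? htmlspecialchars($safe['name'], ENT_QUOTES, 'UTF-8') : 'not found');
}
```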