Whilst Rab Nawaz's answer worked, it is not really correct.
The mysql_*
functions are no longer maintained and community has begun the deprecation process. Instead you should learn about prepared statements and use either PDO or MySQLi.
If you cannot decide, this article should help you choose. Though, you should know, that PDO is able to work with different kinds of RDBMS, while MySQLi is made for a specific one. In case you decide to go with PDO, it's recommended you follow this tutorial.
For your particular case your code should look more like this:-
$dsn = 'mysql:dbname=dbname;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';
try {
$db = new PDO($dsn, $user, $password);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
$id = someMethodOfValidation($_POST['id']);
Note:- You should specificy $_POST or $_GET; as $_REQUEST could come from either and you should always know where your input is coming from.
User input should always be validated, your method leaves you wide open to SQL injection hence the someMethodOfValidation()
bit which you will need to write to fit your expected input. In your case it looks like you are expecting an integer value, so your validation could be as simple as $id = (int)$_POST['id'];
.
It is traditional when talking about SQL injection to tell the tale of Little Bobby Tables, so here it is:-
To continue your code:-
$stmt = $db->prepare("SELECT * FROM sites WHERE id=:id");
$stmt->execute(array(':id' => $id));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach($rows as $row){
if(!empty($row['urlone']){
echo "<h4 class='cta'><a href='{$row['urlone']}'>Launch Site</a></h4>";
}
I can't emphasise enough that the code you have above is unsafe and should never be used on a live server. Do not bother learning to use the mysql_* functions, you will be wasting your time. PDO is not hard to learn and is, in fact, quite simple once you get the hang of it. The tutorial linked to above will get you well on the way to using PDO successfully.