I am hoping someone can assist with a dynamic query in PHP. The first page below is a page which displays a number of items from MySQL. Once an item is clicked on it goes to another page which queries the database to bring up the selected product details. The page displaying the items a user can select from works fine, but the page displaying the item clicked on only works if I remove the WHERE clause, but of course it is no longer dynamic then. The error statement is suggesting that the syntax is not right for the version, yet it works on the other page. Using MySQL 5.6.17 and PHP 5.5.12.
Can anyone see where it is that I have gone wrong here please?
---------------------------------
Main Page (functions as expected)
<?php
ini_set('display_errors', '0');
$message = '';
$db=new MySQLi('localhost', 'someone', 'xxx','abc');
if ($db->connect_error) {
$message = $db->connect_error;
} else {
$sql = 'SELECT * FROM items';
$result = $db->query($sql);
if ($db->error) {
$message = $db->error;
}
}
?>
<!--other parts of the site--->
<?php if ($message) { ?>
<h2 class="inline_block">Sorry, there seems to be a problem.</h2>
<?php } else { ?>
<div>
<?php
$i = 0;
while ($row = $result->fetch_assoc()) {
if ($i % 4 === 0) { ?>
<div>
<ul>
<?php } ?>
<li> <a href="includes/details.php?id=<?php echo $row['itemID']; ?>"> <img src="img/<?php echo $row['image']; ?>" alt="<?php echo $row['alt']; ?>" height="150" width="150">
<p><?php echo $row['product']; ?></p>
<p class="reset">From $<?php echo $row['water']; ?></p></a> </li>
<?php $i++;
if ($i % 4 === 0) { ?>
</ul>
</div>
<?php } // end if
} // end of loop ?>
</div>
</div>
<?php } // end of page ?>
</div>
<!--other parts of the site--->
-----------------------------------------------------------------
Dynamic Page (returns an SQL error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1". Line 1 is the same first line as showing below. This is also used in the previous page without issue. When the WHERE clause is removed from the SQL query it works but is no longer dynamic. )
<?php
ini_set('display_errors', '0');
$message = '';
$db=new MySQLi('localhost', 'someone', 'xxx','abc');
if ($db->connect_error) {
$message = $db->connect_error;
} else {
$sql = 'SELECT * FROM items WHERE xitemID=' . $db->real_escape_string($_GET['xitemID']);
$result = $db->query($sql);
if ($db->error) {
$message = $db->error;
} else {
$row = $result->fetch_assoc();
}
}
?>
<!--other parts of the site--->
<ul>
<li><a href="../index.php">Home</a></li>
<li><a href="../things.php">Things</a></li>
<li><a href="mixeda.php">Mixeda</a></li>
<li><?php echo $row['product']; ?></li>
</ul>
</div>
<div id="col_1" role="main">
<?php if ($message) { ?>
<p> ERROR</p>
<?php echo "<p>$message</p>";
} else { ?>
<h2 class="inline_block"><?php echo $row['product']; ?></h2>
<p class="figure"><img src="../img/<?php echo $row['image']; ?>" alt="<?php echo $row['alt']; ?>" width="200" height="200">Price from $<?php echo $row['product']; ?></p>
</div>
<div id="col_2">
<h3>Details</h3>
<p><?php echo $row['details']; ?></p>
</div>
<?php } ?>
<!--other parts of the site--->