@ssherar
Forked from anonymous/gist:6096170
Last active December 20, 2015 07:49
<?php
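// Detail page: look up one student_food row by the `ref` query parameter
// and print its name.
//
// Read the reference without raising a notice when the parameter is absent.
$ref = isset($_GET['ref']) ? $_GET['ref'] : null;

// Nothing to look up (missing, empty, or an array such as ?ref[]=x):
// send the browser back to the index and stop, so no query is run.
// header() works here because nothing has been output yet.
if (!is_string($ref) || $ref === '') {
    header('Location: index.php');
    exit;
}

// $host, $user, $pass and $database are expected to be defined before this
// snippet runs (not visible here).
$conn = mysqli_connect($host, $user, $pass, $database);
if (!$conn) {
    exit('Could not connect to the database.');
}

// SQL injection is prevented by binding $ref as a parameter: the value is
// sent separately from the statement text, so it can never change the query.
// HTML-encoding the value (htmlentities) is an output concern and does not
// protect a query; it is applied below, at the point of output.
$stmt = mysqli_prepare($conn, "SELECT * FROM student_food WHERE Ref = ? LIMIT 1");
if (!$stmt) {
    mysqli_close($conn);
    exit('Could not prepare the lookup.');
}
mysqli_stmt_bind_param($stmt, 's', $ref);
mysqli_stmt_execute($stmt);

// $result holds the matching row as an associative array, or null when the
// reference does not exist. mysqli_stmt_get_result() needs the mysqlnd driver.
$result = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
mysqli_stmt_close($stmt);

if (!$result) {
    mysqli_close($conn);
    http_response_code(404);
    exit('No such item.');
}

// Database content is not trusted as HTML: encode it when it is written
// into the page so stored markup cannot run as script in the browser.
echo htmlspecialchars($result["Name"], ENT_QUOTES, 'UTF-8');
/*
...
*/
// Release the connection.
mysqli_close($conn);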
?>
<?php
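// Search page: list every student_food row whose Ingredients column contains
// all three search terms, as an HTML table linking to the detail page.
//
// $host, $user, $pass, $database and $text1..$text3 are expected to be
// defined before this snippet runs (not visible here). The search terms are
// presumably user input, so they are bound as parameters, never interpolated.
$conn = mysqli_connect($host, $user, $pass, $database);
if (!$conn) {
    exit('Could not connect to the database.');
}

$stmt = mysqli_prepare(
    $conn,
    "SELECT * FROM student_food"
    . " WHERE Ingredients LIKE ? AND Ingredients LIKE ? AND Ingredients LIKE ?"
);
if (!$stmt) {
    exit('Could not prepare the search.');
}

// The surrounding % wildcards are added in PHP; the placeholder carries the
// whole pattern. A % or _ typed inside a term still acts as a LIKE wildcard,
// which only widens the match and cannot alter the statement.
$like1 = '%' . $text1 . '%';
$like2 = '%' . $text2 . '%';
$like3 = '%' . $text3 . '%';
mysqli_stmt_bind_param($stmt, 'sss', $like1, $like2, $like3);
mysqli_stmt_execute($stmt);

// mysqli_stmt_get_result() needs the mysqlnd driver.
$result = mysqli_stmt_get_result($stmt);

echo "<table border='1'>";
echo "<tr><th>Ref</th><th>Image</th><th>Name</th><th>Description</th></tr>\n";
while ($b = mysqli_fetch_assoc($result)) {
    // Every column is encoded before it reaches the page, so markup stored
    // in the table is displayed as text instead of being interpreted.
    // NOTE(review): if Image is meant to hold an <img> tag, store only the
    // path and build the tag here from the encoded value — confirm.
    $refHtml  = htmlspecialchars($b["Ref"], ENT_QUOTES, 'UTF-8');
    $imageHtml = htmlspecialchars($b["Image"], ENT_QUOTES, 'UTF-8');
    $nameHtml = htmlspecialchars($b["Name"], ENT_QUOTES, 'UTF-8');
    $descHtml = htmlspecialchars($b["Description"], ENT_QUOTES, 'UTF-8');

    // The reference is URL-encoded for the query string, then HTML-encoded
    // for the single-quoted attribute (ENT_QUOTES covers the quote).
    // NOTE(review): the link passes the reference as `id`; a detail page
    // that reads $_GET['ref'] would not see it — confirm the expected name.
    $hrefHtml = htmlspecialchars('item.php?id=' . rawurlencode($b['Ref']), ENT_QUOTES, 'UTF-8');
    $anchorString = "<a href='{$hrefHtml}'>{$nameHtml}</a>";

    echo "<tr>";
    echo "<td>" . $refHtml . "</td>";
    echo "<td>" . $imageHtml . "</td>";
    echo "<td>" . $anchorString . "</td>";
    echo "<td>" . $descHtml . "</td>";
    echo "</tr>";
}
echo "</table>\n";
mysqli_stmt_close($stmt);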
?>