Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

passing variables via URL

Status
Not open for further replies.
dbaseboy

dbaseboy

Programmer
Apr 24, 2002
48
0
0
GB
Evening all,

I've spent the last 4 hours banging my head off the desk at this one but Im sure its something simple.

I want to construct and pass across a search string via a URL, ie the selected record is pulled from the database and displayed like so:

Make: Ford
Model: Mondeo
Colour: Blue

Im attempting to set up the results as search options ie click on Ford and it will search for all other Fords, click Blue and it will search for all blue cars.

Heres a snippet of how I saw it:

$make=mysql_result($result,$i,"make");
$makelink = "`make` = '".$make."'";

echo "<a href='dir1a.php?searchstr=".$makelink."' title='Find more ".$make."'>".$make."</a>"; ?>


when I debug by popping an echo $makelink in I get as expected

`make` = 'Ford'

however when I pass it through the URL it passes `make =

Im sure its to do with the quote marks (') however no matter what I try doesnt seem to do anything even escaping them with \ just sends the \ as well.

Help!!!!
 
Sort by date Sort by votes
i would not expose your data schema in this way. instead construct your links so that they look like this

Code: 
echo "<a href='dir1a.php?make=$make' title='Find more $make'>$make</a>";

and in your receiving script assemble the query string

Code: 
<?php
$searchtypes= array('make', 'colour', 'model');
$where=array();
foreach ($_GET as $key=>$val){
	if(in_array($key, $searchtypes)){
		$where[] = "$key=".mysql_escape_string(trim($val));
	}
}
$query = "Select * from cars where " . implode(" and ", $where);
mysql_query($query);
?>
 
Upvote 0 Downvote
Im sure to be doing something wrong however when I do that I now get the following error:

Query error: Unknown column 'Ford' in 'where clause'

 
Upvote 0 Downvote
I agree with jpadie; you do not want to expose your schema in the url, but as for your first post you need to use urlencode() on $makelink when you echo your html. This will encode the string for use in a query as part of a url.

In jpadie's response he did not add the quotes (to be used in the db query). Such as what is marked in red
Code: 
<?php
$searchtypes= array('make', 'colour', 'model');
$where=array();
foreach ($_GET as $key=>$val){
    if(in_array($key, $searchtypes)){
        $where[] = "$key=[COLOR=red]'[/color]".mysql_escape_string(trim($val))[COLOR=red]."'"[/color];
    }
}
$query = "Select * from cars where " . implode(" and ", $where);
mysql_query($query);
?>
If you find a db error, echo the complete SQL statement to the screen (as long as the page is not live) and the problems are usually easy to find.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PeDa
  • Locked
  • Question
Include URL with parameter in table generated by php
Replies
3
Views
84
PeDa
PeDa
lexer
  • Locked
  • Question
Php passing a variable from a dropdown list to Ajax
Replies
1
Views
50
vacunita
vacunita
rk68
  • Locked
  • Question
Passing oracle fields in SQL using option value after Submit
Replies
1
Views
43
vacunita
vacunita
Geates
  • Locked
  • Question
Static variables and functions 1
Replies
6
Views
116
Geates
Geates
Geates
  • Locked
  • Question
Why are static variables not printed
Replies
1
Views
66
vacunita
vacunita

Part and Inventory Search

Sponsor

Back
Top