$_GET not passing from form to php script on shared hosting

freshwaterwest
freshwaterwest used Ask the Experts™
on
Hi, I have a form which passes values in the url (ie. ?brand_id=1 etc) to a php script which then uses the variables to point to an seo-friendly url/page

It worked perfectly on my local server and other live server but on my clients server in this case it doesn't work and I don't have access to the root (appears to be shared apache settings).

Register globals is set to on so I tried adding stripslashes but this hasn't worked

many thanks experts...

PS. I also tried it with $_POST and $_REQUEST too
<?php
//take the posted search criteria and reformat into seo friendly url

$brand_id = mysql_real_escape_string(stripslashes($_GET['brand_id']));
//convert the model variables into a url
$model = mysql_real_escape_string(stripslashes($_GET['model']));
$modelnameurl = urlencode(strtolower($model));    
$modelnameurl_dash = str_replace("+", "-", $modelnameurl);

$prices = mysql_real_escape_string(stripslashes($_GET['prices']));

if($brand_id == 1) {$thebrand = "brand-name-here";}
if($brand_id == 2) {$thebrand = "brand-name-here";}
if($brand_id == 3) {$thebrand = "brand-name-here";}
if($brand_id == 4) {$thebrand = "brand-name-here";}
if($brand_id == 6) {$thebrand = "brand-name-here";}
if($brand_id == 7) {$thebrand = "brand-name-here";}
if($brand_id == 8) {$thebrand = "brand-name-here";}
if($brand_id == 9) {$thebrand = "brand-name-here";}

if($_GET['model'] != '') {$themodelname = '/'.$modelnameurl_dash;};
if($_GET['prices'] != '') {$theprices = '/'.$prices;};


$my_uri = $thebrand.$themodelname.'/'.$brand_id.$theprices;


header( 'Location: /products/'.$my_uri.'' ) ;
   exit;

?>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
First make sure that the PHP works on that server. Try a very simple file with contents:

<?php
phpinfo();
?>

Commented:
If register_globals is on you should be able to use $brand_id directly (http://www.php.net/manual/en/security.globals.php). Can you tell us what PHP version is running on this shared hosting package? Please not that stripslashes only has meaning when the magic quotes feature enabled.

Author

Commented:
yes, php does work fine, it's just the variables are getting passed for some reason

I did a phpinfo which revealed the magic quotes being on
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Stored in session variable.
Because $_GET is First time load correctly.But if reload that same page,does not get $_GET variable  

ex:
$_SESSION("brand_id")=$brand_id;

then load that page and get session variable and access the value.

But  check the session variable when u cleared the cookies.

Author

Commented:
hi ashokhein -
so are you saying I can or need to use a session var to get around this?

just to clarify first page has a form which sends the url with variables to a php script (no html at this point). The script above then redirects to the page using the variables to create an seo-friendly url

hope that makes sense..

cheers

Commented:
Do you have a PHP version for us?

Author

Commented:
hi davekok,

php is version 5. I was wrong magic quotes is actually off.. although I previously didn't have the stripslashes in anyway..

thanks

Author

Commented:
PHP Version 5.2.14
If you are trying codes which were written for php4 than there is a chance it will not work
Simple thing to do is try some code example which is written for php5 plus and see how it respond

Commented:
Well at least it is new enough so we don't have to consider $HTTP_GET_VARS. Can you dump the query string $_SERVER['QUERY_STRING'] to see if the something isn't blocking query string from getting past to PHP.
Shinesh PremrajanEngineering Manager

Commented:
you can set the server setting in .htaccess file placed in the root directory of the server.
Shinesh PremrajanEngineering Manager

Commented:
Sorry this one,.. You can set the PHP setting in the .htaccess file and place that in the root directory. It will work.

Author

Commented:
hi davekok,
I've just done a test and dumped the query as you suggested - seems to be working fine:

string(59) "brand_id=1&model=model+name&prices=price0&submit=Go"

this is exactly how I intended so no idea why my script above is not picking this up..?

thanks

Author

Commented:
I've taken out the mysql_real_escape_string in all cases and it's now working, no idea why this should be the case.. the input is from a drop down form so should I be concerned about sanitizing?

cheers
Commented:
mysql_real_escape_string can return FALSE on error. This is properly what you are experiencing. If I remember correctly mysql_real_escape_string requires an connection to a mysql server. If none exists it will try to create one with default arguments. This is properly what fails, hence the error.

Author

Commented:
right I see, so if I included a connection this might work - I'll give it a try...
thanks

Author

Commented:
spot on thanks - the connection was on the following page so I added it to the current and all worked perfectly with the orig code

many thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial