mysql query string in link using urlencode

Greetings,

I have a sql query string that looks something like this:

SELECT * FROM listing_table WHERE (price>=0) AND (price<=1000000) AND (area_name='Town')

For paging through the results I have this: $search_url = urlencode($query); and then have a number of number links for page 2,3 4 and next previous and first last, as is pretty standard.

However when I click the next page now I get an error such as this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'Town\') ORDER BY at line 1

So the ' mark around the search criteria obviously isn't correct.  If I remove that part of the query string so that the search is only based on numerical criteria it works fine.

So my question is how do I properly make this search string useable in a url?

Thanks very much.

Sky
Schuyler KuhlAsked:
Who is Participating?
 
Aaron TomoskySD-WAN SimplifiedCommented:
Nono. Don't put the whole query in the URL. Just put your variables in the URL. Like .com?low=0&high=100000
then in you code $low = $_get['low']
then build the query wrapping all your variables in mysqlrealescapestring.
0
 
Schuyler KuhlAuthor Commented:
Thank you.

Ok I am following you except for the last part about "wrapping all your variables in mysqlrealescapestring."

It is too bad though because I'm pretty sure this used to work.  I guess I will just have to rewrite this part.

Thank you.

0
 
Aaron TomoskySD-WAN SimplifiedCommented:
$query = "select column from table where price >= '".mysql_real_escape_string($low)."' and...

Sorry for not typing the whole thing out. I'm on my phone.
0
 
Schuyler KuhlAuthor Commented:
thanks very much.

Yes I see this is the proper way to do it now.

Thanks I appreciate your help greatly.

Best regards,

Sky
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.