We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

mysql query string in link using urlencode

Schuyler Kuhl
on
Medium Priority
999 Views
Last Modified: 2013-12-12
Greetings,

I have a sql query string that looks something like this:

SELECT * FROM listing_table WHERE (price>=0) AND (price<=1000000) AND (area_name='Town')

For paging through the results I have this: $search_url = urlencode($query); and then have a number of number links for page 2,3 4 and next previous and first last, as is pretty standard.

However when I click the next page now I get an error such as this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'Town\') ORDER BY at line 1

So the ' mark around the search criteria obviously isn't correct.  If I remove that part of the query string so that the search is only based on numerical criteria it works fine.

So my question is how do I properly make this search string useable in a url?

Thanks very much.

Sky
Comment
Watch Question

Director, SD-WAN Solutions
CERTIFIED EXPERT
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Thank you.

Ok I am following you except for the last part about "wrapping all your variables in mysqlrealescapestring."

It is too bad though because I'm pretty sure this used to work.  I guess I will just have to rewrite this part.

Thank you.

Aaron TomoskyDirector, SD-WAN Solutions
CERTIFIED EXPERT

Commented:
$query = "select column from table where price >= '".mysql_real_escape_string($low)."' and...

Sorry for not typing the whole thing out. I'm on my phone.

Author

Commented:
thanks very much.

Yes I see this is the proper way to do it now.

Thanks I appreciate your help greatly.

Best regards,

Sky
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.