powellt77

PHP & Query Strings

Hi All,

I'm struggling to understand how to pull a query string into a SQL Query.

All I'm trying to run is the following:

mysite.com?id=45

but keep getting errors of:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I think I may have completely misunderstood what I was reading!
$query = "Select * from products WHERE ID = $_SERVER['id']";

Sandeep Kothari


make the syntax of your query as follows....

$query = "Select * from products WHERE ID ='". $_SERVER['id']."'";



Also I think... it should be $_GET['id'] or $_REQUEST['id'] .... as the id is passed in the query string....

one more thing...do sanitize the input id before using it in a query string.... use mysql_real_escape_string($id) where $id = $_REQUEST['id'] or whatever the value of id is ...


sonetinc

When passing params via URL it should be:

$_GET['id'];


You can check the contents of both arrays with:

  echo '<pre>';
  print_r($_GET);
  echo '</pre>';

  echo '<pre>';
  print_r($_SERVER);
  echo '</pre>';

I think it should be :

      
// A quoted array key inside a double-quoted string needs the {$...} form to parse
$query = "Select * from products WHERE ID = {$_REQUEST['id']}";



Use a function like the following to sanitise the variable.

function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
  {
  $value = stripslashes($value);
  }
// Quote if not a number
if (!is_numeric($value))
  {
  $value = "'" . mysql_real_escape_string($value) . "'";
  }
return $value;
}



To use the function :

$query = "Select * from products WHERE ID = ". check_input($_REQUEST['id']);




http://dev.mysql.com/doc/refman/5.0/en/identifier-case-sensitivity.html

Quote :

Although database and table names are not case sensitive on some platforms, you should not refer to a given database or table using different cases within the same statement. The following statement would not work because it refers to a table both as my_table and as MY_TABLE:

Column, index, and stored routine names are not case sensitive on any platform, nor are column aliases. Trigger names are case sensitive, which differs from standard SQL.

By default, table aliases are case sensitive on Unix, but not so on Windows or Mac OS X. The following statement would not work on Unix, because it refers to the alias both as a and as A:

Unquote ..

So although the column names are not case-sensitive, it is good practice to think of being case sensitive.

powellt77

ASKER

Hi Both; Thanks for your replies.

So $_GET['id'] stops the errors, but I'm just not getting anything back from it in the page I'm making!

<?php

**database connection bits **

$query = "Select * from products WHERE ID = '". $_GET['ID']."'";

$result = mysql_query($query);

?>

<html>

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled</title>
</head>

<body>

<table width="859" border="1" cellspacing="5" cellpadding="0" align=center>
<tr>
  	<td width="73"><div align="center"><font face="Arial"><strong>ID</strong></font></div></td>
	<td width="169"><div align="center"><font face="Arial"><strong>ProductType</strong></font></div></td>
    <td width="190"><div align="center"><font face="Arial"><strong>ProductName</strong></font></div></td>
    <td width="150"><div align="center"><font face="Arial"><strong>SmallPic</strong></font></div></td>
    <td width="110"><div align="center"><font face="Arial"><strong>Price</strong></font></div></td>
    <td width="118"><div align="center"><font face="Arial"><strong>Active</strong></font></div></td>
  </tr>
<tr>
	<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ID'] ?></font></div></td>
	<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductType'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductName'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['SmallPic'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Price'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Active'] ?></font></div></td>
  </tr>
</table>

</body>
</html>


you have to fetch the values first


try mysql_fetch_assoc ...

$row = mysql_fetch_assoc($result);

print_r($row);



kshna,

So close! lol - So I can see the output from the print. Just need it in the table!
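
The steps discussed in this thread (take the id from the query string, keep it out of the SQL text, fetch the row, print it in the table) put together as an added example; it is not code from any of the posts above. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs stand-alone, the product row and the input values are constructed, and the function names find_product and render_row are hypothetical.

```php
<?php
// Added example. SQLite in memory replaces the MySQL server; with MySQL only the DSN differs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (ID INTEGER PRIMARY KEY, ProductName TEXT, Price TEXT)');
// Constructed row; the markup in the name shows why output is escaped below.
$pdo->exec("INSERT INTO products VALUES (45, 'Kettle <b>Deluxe</b>', '19.99')");

/**
 * Look up one product from the raw ?id= value.
 * Returns the row, or null when the value is not a positive integer or nothing matches.
 */
function find_product(PDO $pdo, $rawId): ?array
{
    // Validate first: strings such as "45 OR 1=1" and array input (?id[]=45) yield false.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels as a bound parameter and never becomes part of the SQL string.
    $stmt = $pdo->prepare('SELECT ID, ProductName, Price FROM products WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // fetch before reading columns
    return $row === false ? null : $row;
}

/** Build one <tr>, HTML-escaping every column value before it reaches the page. */
function render_row(array $row): string
{
    $cells = '';
    foreach ($row as $value) {
        $cells .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    return "<tr>$cells</tr>\n";
}

// Constructed values standing in for $_GET['id']. Array keys are case-sensitive,
// so a URL of ?id=45 is read with $_GET['id'], not $_GET['ID'].
$samples = ['45', '45 OR 1=1', "45'; DROP TABLE products; --", ['45'], null];
foreach ($samples as $raw) {
    $row = find_product($pdo, $raw);
    echo json_encode($raw), ' => ', $row !== null ? render_row($row) : "no product\n";
}
```

In a page, the same two functions would be called with `$_GET['id'] ?? null`, and the string returned by render_row echoed inside the table.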
ASKER CERTIFIED SOLUTION
Sandeep Kothari