PHP & Query Strings

powellt77
Hi All,

I'm struggling to understand how to pull a query string into a SQL Query.

All I'm trying to run is the following:

mysite.com?id=45

but keep getting errors of:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I think I may have completely misunderstood what I was reading!
$query = "Select * from products WHERE ID = $_SERVER['id']";

Sandeep Kothari, Project Lead

Commented:

make the syntax of your query as follows....

$query = "Select * from products WHERE ID ='". $_SERVER['id']."'";

Also I think... it should be $_GET['id'] or $_REQUEST['id'] .... as the id is passed in the query string....

one more thing...do sanitize the input id before using it in a query string.... use mysql_real_escape_string($id) where $id = $_REQUEST['id'] or whatever the value of id is ...


Commented:
When passing params via URL it should be:

$_GET['id'];


You can check the contents of both arrays with:

  echo '<pre>';
  print_r($_GET);
  echo '</pre>';

  echo '<pre>';
  print_r($_SERVER);
  echo '</pre>';

Commented:
I think it should be:

$query = "Select * from products WHERE ID = {$_REQUEST['id']}";

Use a function like the following to sanitise the variable.

function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
  {
  $value = stripslashes($value);
  }
// Quote if not a number
if (!is_numeric($value))
  {
  $value = "'" . mysql_real_escape_string($value) . "'";
  }
return $value;
}


To use the function :

$query = "Select * from products WHERE ID = ". check_input($_REQUEST['id']);


http://dev.mysql.com/doc/refman/5.0/en/identifier-case-sensitivity.html

Quote :

Although database and table names are not case sensitive on some platforms, you should not refer to a given database or table using different cases within the same statement. The following statement would not work because it refers to a table both as my_table and as MY_TABLE:

Column, index, and stored routine names are not case sensitive on any platform, nor are column aliases. Trigger names are case sensitive, which differs from standard SQL.

By default, table aliases are case sensitive on Unix, but not so on Windows or Mac OS X. The following statement would not work on Unix, because it refers to the alias both as a and as A:

Unquote ..

So although the column names are not case-sensitive, it is good practice to think of them as being case-sensitive.

Author

Commented:
Hi Both; Thanks for your replies.

So $_GET['id'] stops the errors, but I'm just not getting anything back from it in the page I'm making!

<?php

**database connection bits **

$query = "Select * from products WHERE ID = '". $_GET['ID']."'";

$result = mysql_query($query);

?>

<html>

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled</title>
</head>

<body>

<table width="859" border="1" cellspacing="5" cellpadding="0" align=center>
<tr>
  	<td width="73"><div align="center"><font face="Arial"><strong>ID</strong></font></div></td>
	<td width="169"><div align="center"><font face="Arial"><strong>ProductType</strong></font></div></td>
    <td width="190"><div align="center"><font face="Arial"><strong>ProductName</strong></font></div></td>
    <td width="150"><div align="center"><font face="Arial"><strong>SmallPic</strong></font></div></td>
    <td width="110"><div align="center"><font face="Arial"><strong>Price</strong></font></div></td>
    <td width="118"><div align="center"><font face="Arial"><strong>Active</strong></font></div></td>
  </tr>
<tr>
	<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ID'] ?></font></div></td>
	<td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductType'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['ProductName'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['SmallPic'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Price'] ?></font></div></td>
    <td class="style11"><div align="center"><font face="Arial" size=2><?php $result['Active'] ?></font></div></td>
  </tr>
</table>

</body>
</html>

Sandeep Kothari, Project Lead

Commented:
you have to fetch the values first


try mysql_fetch_assoc ...

$row = mysql_fetch_assoc($result);

print_r($row);


Author

Commented:
kshna,

So close! lol - So I can see the output from the print. Just need it in the table!
Project Lead
Commented:
then use  $row['ID'] , $row['ProductType'] .... etc... instead of $result['ProductType'].... in the table ...hope you got it !!!

example :

<?php $result['ProductType'] ?>

should be replaced by

<?php echo $row['ProductType']; ?>
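
The whole flow discussed in this thread (read `id` from the query string, look up the product, fetch the row, print it in the table), as an added example that is not part of any post above: it validates the id as an integer, binds it through a PDO prepared statement instead of building the SQL string, and HTML-escapes each cell on output. Assumptions: an in-memory SQLite database stands in for the poster's MySQL server, the sample row is constructed, and `find_product()` and `h()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the poster's MySQL server so the script runs offline;
// the sample row is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (ID INTEGER PRIMARY KEY, ProductType TEXT,
            ProductName TEXT, SmallPic TEXT, Price REAL, Active INTEGER)');
$pdo->exec("INSERT INTO products VALUES (45, 'Widget', 'Blue <b>Widget</b>', 'w45.jpg', 9.99, 1)");

// Hypothetical helper: returns the product row, or null when the id is
// missing, not a positive integer, or not present in the table.
function find_product(PDO $pdo, $rawId): ?array
{
    // Accept only a positive decimal integer. is_numeric() would also
    // pass strings such as "1e3" or "4.5", so it is not used here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }
    // The value is bound as a parameter and never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM products WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape on output so stored markup is displayed as text, not interpreted as HTML.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for $_GET['id'] from mysite.com?id=45.
foreach (['45', '45abc', '1e3', null] as $candidate) {
    $row = find_product($pdo, $candidate);
    if ($row === null) {
        echo "<tr><td colspan=\"6\">No product for this id</td></tr>\n";
        continue;
    }
    echo '<tr>';
    foreach (['ID', 'ProductType', 'ProductName', 'SmallPic', 'Price', 'Active'] as $col) {
        echo '<td>' . h($row[$col]) . '</td>';
    }
    echo "</tr>\n";
}
```

Only the first input produces a product row; the other three are rejected before any query runs, and the `<b>` in the stored product name is printed as literal text.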