We help IT Professionals succeed at work.

retrieving a querystring variable in PHP

dave_e_work
dave_e_work asked
on
Hello

Hope you can help, I am totally new to PHP and was wondering how I can achieve the following:

In my querystring I have a couple of variables:

code=CT1545&price=850

In my form in the page I want them to populate a couple of labels with the values from above.

<label id="name"></label>
<label id="code"></label>

Any help is gratefully received.

Thanks in advance
Comment
Watch Question

Commented:
You can use $_GET['code'] and $_GET['price'] to get the values from the variables in the querystring.

Commented:
For example,

<label id="code"><?php echo $_GET['code']; ?></label>

Open in new window

Kiran SonawaneProject Lead
Top Expert 2011

Commented:
OR
$code = $_REQUEST["code"];
$price = $_REQUEST["price"];

Commented:
If by querystring, you mean the URL that calls your php program:

$code = $_GET["code"];
$price = $_GET["price"];

Do NOT use $_REQUEST unless you must retrieve from both URL input and <form method=POST ..> input.  It is subject to abuse more than $_GET.

Also make sure you use a safety filter on ALL input variables of any type.  Use mysql_real_escape_string() for text input, or whitelist checks for known values, or numerical checks for number inputs.

For example:

$code = max(0,floor($_GET["code"]));   will restrict this input to a positive integer (anything else will be set to zero.
if ($code == 0) {error....}

====================

Now, if your query string is anything other than a URL input, tell us, because you will need to process it using other means, such as explode() to pull out the values.



Author

Commented:
I have added the following:

<label id="code"><?php echo $_GET['code']; ?></label>

This seems to work fine, but then I checked and remembered, the page I use this is in an iframe. Is there a way of getting the value from the parent querystring?

Commented:
Also, when using variables from GET or POST, it's best to filter the data so that no one can use cross-site scripting on you.  To do this, you can simply use the addslashes function in most cases:

// one method of escaping data
$code = addslashes($_GET['code']);

// another method
$code = htmlspecialchars($_GET['code'], ENT_QUOTES, 'UTF-8');

The htmlspecialchars method with ENT_QUOTES and UTF-8 will ensure no one can enter HTML characters, quotes, and it sets the encoding so no one can use another encoding...

This is a good habit to get into.
Commented:
via PHP, there is no way to do so. You have to pass the querystring from parent to the iframe.

<iframe src="yourpage?code=<?php echo $_GET['code']?>&price=<?php echo $_GET['price']?>"></iframe>

Open in new window


and then in yourpage, you can get the code and price through $_GET['code'] and $_GET['price']

Commented:
EMB01 is saying the same thing I said, safety check your inputs.   addslashes() is not adequate for this, use mysql_real_escape_string() or htmlspecialchars() as he suggests on TEXT input.  htmlspecialchars() is my favorite method for TEXT input, but it does add bytes to your database.

However, if your input is numeric, use numeric functions to ensure that the inputs are exactly the format you expect.
Most Valuable Expert 2011
Top Expert 2016
Commented:
You do not have to use GET in every case.  You can pass information between frames using the SESSION with something like these scripts.  But if you're new to PHP you might want a learning resource or two.  Try these (hint: the SitePoint book is especially good).
http://us2.php.net/tut.php
http://www.sitepoint.com/books/phpmysql4/ 

You can see these scripts in action on my server, here.
http://www.laprbass.com/RAY_iframe.html
<?php // RAY_iframe.html
error_reporting(E_ALL);
session_start();
?>

<a target="frame_number_one" href="/RAY_iframe.php?n=1">SET FRAME ONE</a><br/>
<a target="frame_number_one" href="/RAY_iframe.php">CLEAR FRAME ONE</a><br/>
<br/>
<a target="frame_number_two" href="/RAY_iframe.php?n=2">SET FRAME TWO</a><br/>
<a target="frame_number_two" href="/RAY_iframe.php">CLEAR FRAME TWO</a><br/>


<!-- PUT UP SOME HTML TO DEFINE THE IFRAMES -->
<iframe name="frame_number_one" src="/RAY_iframe.php">one</iframe>
<br clear="all" />
<iframe name="frame_number_two" src="/RAY_iframe.php">two</iframe>
<br clear="all" />

<!-- SHOW THE PHP SCRIPT THAT RUNS THE IFRAMES -->
<a href="/RAY_iframe.php?n=3">CLICK HERE TO SEE THE IFRAME SOURCE CODE</a>

Open in new window

<?php // RAY_iframe.php
error_reporting(E_ALL);

// BUMP THE COUNTER UP BY ONE
session_start();
if (!isset($_SESSION["kounter"])) $_SESSION["kounter"] = 0;
$_SESSION["kounter"]++;

if (empty($_GET['n']))
{
    echo "NO IFRAME NUMBER SELECTED<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

// WRITE SOME HTML INTO THE FRAMES
if ($_GET['n'] == '1')
{
    echo "SELECTED IFRAME NUMBER ONE<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

if ($_GET['n'] == '2')
{
    echo "SELECTED IFRAME NUMBER TWO<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

// SHOW THE SOURCE CODE FOR THIS SCRIPT
if ($_GET['n'] == '3')
{
    highlight_file(__FILE__);
    die();
}

Open in new window

Author

Commented:
Just what I needed, thanks!