what thing $_GET can do
If I want to get the parameter after ? in the current URL, what can I do?
http://localhost/test/message.php?userid=5
Can I just use $_GET?
Re: what thing $_GET can do
In the example that you gave, $_GET['userid'] would be set to 5.
NEVER TRUST these to be valid if getting passed to a database.
Code: Select all
$intUserID = (isset($_GET['userid']) && (int)$_GET['userid']>0) ? (int)$_GET['userid'] : 0;
This says if that parameter exists, and if the value converted to an integer is greater than zero, use that converted value, otherwise, set it to 0.
-Greg
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: what thing $_GET can do
And seeing $_GET is user-input (indirectly), always escape it if you use it for database interaction.
Something I picked up about $_GET['variable'] is that even if you have a URL like this: localhost/page.php?variable, isset($_GET['variable']) will return true, so you could also test to see if the variable is empty or not. I haven't tested twinedev's code but it looks like it does cater for that eventuality.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: what thing $_GET can do
If you are just expecting an integer, using the method I gave, you do not need to escape it. Casting the variable as an (int) will give you only the characters 0-9 and a possible hyphen at the beginning. Anything else though, yes, use something like mysql_real_escape_string().
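As an added example (not code from any poster in this thread): a stricter alternative to the (int) cast for the userid parameter, which also rejects 5abc, the empty ?userid case and array input, and then binds the value in a PDO prepared statement instead of escaping it. The function name parse_user_id, the messages table and the sample inputs are constructed for illustration; it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not code from the thread. parse_user_id() and the sample
// inputs below are constructed for illustration.

/**
 * Return a positive integer user id from a query array such as $_GET,
 * or null when the parameter is missing, empty, an array, or not a
 * clean decimal integer.
 */
function parse_user_id(array $query, string $key = 'userid'): ?int
{
    // ?userid[]=1 makes $_GET['userid'] an array; ?userid makes it ''.
    if (!isset($query[$key]) || !is_string($query[$key])) {
        return null;
    }
    $id = filter_var($query[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: what PHP would put in $_GET for each query string.
$samples = [
    'userid=5'    => ['userid' => '5'],
    'userid=5abc' => ['userid' => '5abc'],  // an (int) cast would yield 5
    'userid'      => ['userid' => ''],      // isset() is true, value is empty
    'userid=-3'   => ['userid' => '-3'],
    'userid[]=1'  => ['userid' => ['1']],
    '(no param)'  => [],
];

foreach ($samples as $queryString => $get) {
    printf("%-12s => %s\n", $queryString, var_export(parse_user_id($get), true));
}

// Use the validated value as a bound parameter (in-memory SQLite, constructed table).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE messages (userid INTEGER, body TEXT)");
$pdo->exec("INSERT INTO messages VALUES (5, 'hello')");

$id = parse_user_id(['userid' => '5']);
if ($id !== null) {
    $stmt = $pdo->prepare('SELECT body FROM messages WHERE userid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    var_export($stmt->fetchAll(PDO::FETCH_COLUMN)); // message bodies for that user
}
```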
- phazorRise
- Forum Contributor
- Posts: 134
- Joined: Mon Dec 27, 2010 7:58 am
Re: what thing $_GET can do
You can also use $_REQUEST, but to be on the safer side you should use $_GET to be more specific. Also consider cleaning $_GET data before operating on the database.
Re: what thing $_GET can do
Thank you for all the replies. I just wonder what is the difference between the hidden field and the direct get. Usually I use the following way, then use $_GET or $_POST:
Code: Select all
<input type="hidden" name="userid" value="<?php echo $_SESSION['id'] ?>">
- phazorRise
- Forum Contributor
- Posts: 134
- Joined: Mon Dec 27, 2010 7:58 am
Re: what thing $_GET can do
"get" is method of sending form data to server. when get used a querystring is appended to specified url.
A hidden field is an element hidden from the user that holds the given value until the form is submitted.
The code you've given -
Code: Select all
<input type="hidden" name="userid" value="<?php echo $_SESSION['id'] ?>">
is equivalent to -
Code: Select all
echo '<a href="somefile.php?userid='.$_SESSION['id'].'"> Text </a>';
Both codes pass userid to the server and it is accessible through $_GET.
I hope that's what you want to know. Anyway, why are you using a hidden field to send session data? It is available to you on each page where the session is started.