$_GET syntax use [Solved]

desb01
Forum Newbie
Posts: 5
Joined: Tue May 01, 2007 9:39 pm

$_GET syntax use [Solved]

Post by desb01 »

Why is this not working ???

$query_test = 'SELECT * FROM table WHERE var LIKE $_GET['varName']';

I check varName and it has the good value.

Thanks in advance for help.
Last edited by desb01 on Mon Jun 04, 2007 9:15 pm, edited 1 time in total.
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Re: $_GET syntax use

Post by AKA Panama Jack »

desb01 wrote: Why is this not working ???

$query_test = 'SELECT * FROM table WHERE var LIKE $_GET['varName']';

I check varName and it has the good value.

Thanks in advance for help.

Code: Select all

$query_test = "SELECT * FROM table WHERE var LIKE $_GET[varName]";
Use double quotes around the query and remove the single quotes around the element name in the $_GET variable.
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Post by vigge89 »

Also, use brackets when working with arrays inside double quotes, or do it outside of the double quotes:

Code: Select all

$query_test = "SELECT * FROM table WHERE var LIKE {$_GET['varName']}";

Code: Select all

$query_test = "SELECT * FROM table WHERE var LIKE ".$_GET['varName'];
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

You also need to take care of sql injections, see http://de2.php.net/security.database.sql-injection
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Always quote your array indices...

Array do's and don'ts from the manual
desb01
Forum Newbie
Posts: 5
Joined: Tue May 01, 2007 9:39 pm

:(

Post by desb01 »


First of all, thank you for taking the time to answer my question.

Next, I tried all of the above without any success.

The following works

Code: Select all

$query_cities = 'SELECT * FROM cities WHERE country LIKE "USA"';
The following don't

Code: Select all

$query_cities = "SELECT * FROM cities WHERE country LIKE $_GET[countryName]";
$query_cities = "SELECT * FROM cities WHERE country LIKE ".$_GET['countryName'];
$query_cities = "SELECT * FROM cities WHERE country LIKE {$_GET['countryName']}";
$query_cities = "SELECT * FROM cities WHERE country LIKE $_GET[countryName]";
The following works

Code: Select all

switch($_GET['countryName']){
    case "USA":
      echo "obj.options[obj.options.length] = new Option('New York','1');\n";
      echo "obj.options[obj.options.length] = new Option('Los Angeles','2');\n";
      echo "obj.options[obj.options.length] = new Option('Pittsburg','3');\n";
      echo "obj.options[obj.options.length] = new Option('New Hamshire','4');\n";
      break;
  }

Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Almost every combination. You forgot to put quotes around the country name. And at least use the database specific escaping function if you are not going to do anything else:

Code: Select all

$country = databasespecific_escape($_GET['countryName']);
$query_cities = "SELECT * FROM cities WHERE country LIKE '$country'";
(#10850)
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

All of your queries are incorrect syntax. Try these:

Code: Select all

$query_cities = "SELECT * FROM cities WHERE country LIKE '$_GET[countryName]'";
$query_cities = "SELECT * FROM cities WHERE country LIKE '".$_GET['countryName']."'";
$query_cities = "SELECT * FROM cities WHERE country LIKE '{$_GET['countryName']}'";
$query_cities = "SELECT * FROM cities WHERE country LIKE '$_GET[countryName]'";
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

This will work

Code: Select all

$query_cities = "SELECT * FROM `cities` WHERE `country` LIKE '".$_GET['countryName']."'";
EDIT
-------
Oh! Sorry, I overlooked the previous post. Everah has answered you.
desb01
Forum Newbie
Posts: 5
Joined: Tue May 01, 2007 9:39 pm

^_^

Post by desb01 »

Thank you all. It works. Me so happy ^_^
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Still prone to SQL injections.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Yes, the examples I posted were only for illustration of string concatenation. Those queries are very dangerous; I would recommend you NOT use them in a production environment.
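
The SQL injection concern raised in the thread, as an added example that is not part of any post: the concatenated query from the replies beside a bound-parameter version, run over constructed inputs standing in for $_GET['countryName']. The in-memory SQLite database (assumes the pdo_sqlite extension), the table contents and the function names are assumptions made for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE cities (id INTEGER PRIMARY KEY, name TEXT, country TEXT)");
$pdo->exec("INSERT INTO cities (name, country) VALUES
    ('New York', 'USA'), ('Los Angeles', 'USA'),
    ('Abidjan', 'Cote d''Ivoire'), ('Montreal', 'Canada')");

// Pattern from the thread: the request value is pasted between quotes in the SQL text.
function citiesConcatenated(PDO $pdo, string $country): array
{
    $sql = "SELECT name FROM cities WHERE country LIKE '" . $country . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value is bound as a parameter and is never parsed as SQL.
// "=" replaces LIKE so that % and _ in the input are not treated as wildcards.
function citiesPrepared(PDO $pdo, string $country): array
{
    $stmt = $pdo->prepare("SELECT name FROM cities WHERE country = :country");
    $stmt->execute([':country' => $country]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal value, a legitimate value containing a quote,
// a value that changes the WHERE clause when concatenated, and a LIKE wildcard.
$inputs = ["USA", "Cote d'Ivoire", "x' OR '1'='1", "%"];

foreach ($inputs as $input) {
    try {
        $concat = implode(', ', citiesConcatenated($pdo, $input));
    } catch (PDOException $e) {
        $concat = 'SQL error';   // the quote in the value broke the statement
    }
    $prepared = implode(', ', citiesPrepared($pdo, $input));
    printf("%-15s concatenated: [%s]  prepared: [%s]\n", $input, $concat, $prepared);
}
```

Only "USA" gives the same rows from both functions. The concatenated query fails on the legitimate value containing a quote and returns every city for the last two inputs, while the bound-parameter query treats each input purely as a country name.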