please help with urlencode

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
steve_linn
Forum Newbie
Posts: 20
Joined: Thu Jul 10, 2008 1:10 pm

please help with urlencode

Post by steve_linn »

I am having trouble passing a variable in a URL (the row 'id' is actually a phone number XXX-XXX-XXXX). I am under the impression that I need to use the urlencode feature. I cannot figure out how to include it in this url. I do not know the syntax to use. I have verified that the query works in mySQL and the query works if there are no hyphens. Your assistance is greatly appreciated!

Code: Select all

<?php
   
$search = $_GET['searchFor']; 
$words = explode(" ", $search); 
$phrase = implode("%' AND account LIKE '%", $words); 
$query = "SELECT id,account,address1,city,state,zip from customers where account like '%$phrase%'"; 
$result = mysql_query($query) or die('Could not query database at this time');
 
echo "<h1>Search Results</h1><br><br>\n"; 
if (mysql_num_rows($result) == 0) 
  { 
    echo "<h2>Sorry, no accounts were found with '$search' in them.</h2>"; 
  } else 
  { 
    while($row=mysql_fetch_array($result, MYSQL_ASSOC)) 
  { 
     $id = $row['id'];
     $account = $row['account']; 
     $address1 = $row['address1']; 
     $city = $row['city']; 
     $state = $row['state'];
     $zip = $row['zip'];
     echo "<a href='index.php?content=showaccount&id=$id'>$account</a><br>\n";
     echo "$address1<br>\n";
     echo "$city $state $zip<br><br>\n"; 
  } 
 } 
?>
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: please help with urlencode

Post by requinix »

You only need urlencode if the text might have unusual characters. If it's just numbers and hyphens then don't worry about it.

Besides that, there are two glaring security holes in your code.

Code: Select all

$words = explode(" ", mysql_real_escape_string($search));

Code: Select all

echo "<h2>Sorry, no accounts were found with '", htmlentities($search), "' in them.</h2>";
steve_linn
Forum Newbie
Posts: 20
Joined: Thu Jul 10, 2008 1:10 pm

Re: please help with urlencode

Post by steve_linn »

so, if it's not a urlencode issue, then why will the variable not pass?

it works if the hyphens are taken out and its just a number. (xxxxxxxxxx)

It does not work with the hyphens (xxx-xxx-xxxx)
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Re: please help with urlencode

Post by aceconcepts »

It's probably dealing with the hyphens as minus signs!
steve_linn
Forum Newbie
Posts: 20
Joined: Thu Jul 10, 2008 1:10 pm

Re: please help with urlencode

Post by steve_linn »

so what is the solution?
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Re: please help with urlencode

Post by aceconcepts »

What data type is id in your database?
steve_linn
Forum Newbie
Posts: 20
Joined: Thu Jul 10, 2008 1:10 pm

Re: please help with urlencode

Post by steve_linn »

char(17)
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: please help with urlencode

Post by Mark Baker »

What does the HTML of the search result look like when it includes results with a hyphen in the id?

What do you see if you do a var_dump of $_GET after following the link from the search result?
steve_linn
Forum Newbie
Posts: 20
Joined: Thu Jul 10, 2008 1:10 pm

Re: please help with urlencode

Post by steve_linn »

I fixed this issue - it was a MySQL error - coding was incorrect
Post Reply