PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
steve_linn
Forum Newbie
Posts: 20 Joined: Thu Jul 10, 2008 1:10 pm
by steve_linn » Sun Nov 02, 2008 11:04 pm
I am having trouble passing a variable in a URL (the row 'id' is actually a phone number XXX-XXX-XXXX). I am under the impression that I need to use the urlencode feature. I cannot figure out how to include it in this URL. I do not know the syntax to use. I have verified that the query works in MySQL and the query works if there are no hyphens. Your assistance is greatly appreciated!
Code:
<?php
$search = $_GET['searchFor'];
$words = explode(" ", $search);
$phrase = implode("%' AND account LIKE '%", $words);
$query = "SELECT id,account,address1,city,state,zip from customers where account like '%$phrase%'";
$result = mysql_query($query) or die('Could not query database at this time');
echo "<h1>Search Results</h1><br><br>\n";
if (mysql_num_rows($result) == 0)
{
    echo "<h2>Sorry, no accounts were found with '$search' in them.</h2>";
} else
{
    while($row=mysql_fetch_array($result, MYSQL_ASSOC))
    {
        $id = $row['id'];
        $account = $row['account'];
        $address1 = $row['address1'];
        $city = $row['city'];
        $state = $row['state'];
        $zip = $row['zip'];
        echo "<a href='index.php?content=showaccount&id=$id'>$account</a><br>\n";
        echo "$address1<br>\n";
        echo "$city $state $zip<br><br>\n";
    }
}
?>
requinix
Spammer :|
Posts: 6617 Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA
by requinix » Sun Nov 02, 2008 11:26 pm
You only need urlencode if the text might have unusual characters. If it's just numbers and hyphens then don't worry about it.
Besides that, there are two glaring security holes in your code.
Code:
$words = explode(" ", mysql_real_escape_string($search));
Code:
echo "<h2>Sorry, no accounts were found with '", htmlentities($search), "' in them.</h2>";
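A hardened form of the search script discussed above, as an added example that is not any poster's code: it uses PDO prepared statements (a different technique from the mysql_real_escape_string() fix suggested in the reply, since the mysql_* functions were removed in PHP 7), escapes LIKE wildcards, HTML-escapes all output, and URL-encodes the id in the link. The in-memory SQLite table and its rows are constructed sample data, and the function names likeEscape, searchAccounts, h and renderRow are hypothetical.

```php
<?php
// Added example: constructed in-memory table standing in for the thread's `customers` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (id TEXT, account TEXT, address1 TEXT, city TEXT, state TEXT, zip TEXT)");
$pdo->exec("INSERT INTO customers VALUES
    ('555-010-0001', 'Acme <Hardware> & Sons', '1 Main St', 'Springfield', 'WA', '98000'),
    ('555-010-0002', '100% Cotton Co', '2 Oak Ave', 'Shelbyville', 'WA', '98001')");

// Escape LIKE metacharacters so a search for "100%" matches a literal percent sign.
function likeEscape(string $word): string
{
    return strtr($word, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

// Build one bound "account LIKE ?" clause per word; user input never enters the SQL text.
function searchAccounts(PDO $pdo, string $search): array
{
    $words = preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY);
    if (!$words) {
        return [];
    }
    $where = implode(' AND ', array_fill(0, count($words), "account LIKE ? ESCAPE '\\'"));
    $stmt = $pdo->prepare("SELECT id, account, address1, city, state, zip FROM customers WHERE $where");
    $stmt->execute(array_map(fn($w) => '%' . likeEscape($w) . '%', $words));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML-escape for both element content and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function renderRow(array $row): string
{
    // urlencode() leaves digits and hyphens unchanged; h() is needed because the URL sits in an HTML attribute.
    $href = 'index.php?content=showaccount&id=' . urlencode($row['id']);
    return "<a href='" . h($href) . "'>" . h($row['account']) . "</a><br>\n"
         . h($row['address1']) . "<br>\n"
         . h("{$row['city']} {$row['state']} {$row['zip']}") . "<br><br>\n";
}

$search = "acme ' OR '1'='1";           // constructed hostile input; stands in for $_GET['searchFor']
$rows = searchAccounts($pdo, $search);
echo $rows ? implode('', array_map('renderRow', $rows))
           : "<h2>Sorry, no accounts were found with '" . h($search) . "' in them.</h2>\n";
echo implode('', array_map('renderRow', searchAccounts($pdo, '100%')));
```

On MySQL, backslash is already the default LIKE escape character, so the ESCAPE clause can be dropped there.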
steve_linn
Forum Newbie
Posts: 20 Joined: Thu Jul 10, 2008 1:10 pm
by steve_linn » Mon Nov 03, 2008 8:31 am
So, if it's not a urlencode issue, then why will the variable not pass?
It works if the hyphens are taken out and it's just a number (xxxxxxxxxx).
It does not work with the hyphens (xxx-xxx-xxxx).
aceconcepts
DevNet Resident
Posts: 1424 Joined: Mon Feb 06, 2006 11:26 am
Location: London
by aceconcepts » Mon Nov 03, 2008 8:36 am
It's probably dealing with the hyphens as minus signs!
steve_linn
Forum Newbie
Posts: 20 Joined: Thu Jul 10, 2008 1:10 pm
by steve_linn » Mon Nov 03, 2008 9:15 am
So what is the solution?
aceconcepts
DevNet Resident
Posts: 1424 Joined: Mon Feb 06, 2006 11:26 am
Location: London
by aceconcepts » Mon Nov 03, 2008 9:32 am
What data type is id in your database?
Mark Baker
Forum Regular
Posts: 710 Joined: Thu Oct 30, 2008 6:24 pm
by Mark Baker » Mon Nov 03, 2008 11:26 am
What does the HTML of the search result look like when it includes results with a hyphen in the id?
What do you see if you do a var_dump of $_GET after following the link from the search result?
steve_linn
Forum Newbie
Posts: 20 Joined: Thu Jul 10, 2008 1:10 pm
by steve_linn » Mon Nov 03, 2008 9:51 pm
I fixed this issue - it was a MySQL error - the coding was incorrect.