Hi,
I am linking a search page to an Add page. The attributes would be copied from the selected record to another table. I have created my search page using the primary key id - this id is in varchar. I could get my code working (the code below shows the GET function used). However, the code is only working when the id is INT; how do I get it to accept strings?
include ('connect.php');
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM administrator WHERE Admin_ID=$id");
$row = mysql_fetch_array($result);
Can't pass a string in the GET function
Mark Baker
Re: Can't pass a string in the GET function
String values need to be quoted in SQL
You're passing a string via GET, which might contain spaces, quotation marks or other unusual characters, so you might need to use urldecode before embedding it in your SQL.
And don't forget to escape it to prevent SQL Injection
$result = mysql_query("SELECT * FROM administrator WHERE Admin_ID='$id'");
Re: Can't pass a string in the GET function
Mark Baker wrote: You're passing a string via GET, which might contain spaces, quotation marks or other unusual characters, so you might need to use urldecode before embedding it in your SQL.
$_GET variables are automatically URL-decoded. Any half-decent user agent automatically URL-encodes everything, so I don't think this is necessary.
And yes, you should always escape your SQL.
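An added example, not code from any poster in this thread, of the point both replies end on: it runs the quoted query from the thread and a prepared statement over the same varchar ids, including ids that contain a quotation mark. It uses PDO because the mysql_* functions were removed in PHP 7. The in-memory SQLite table, the Name column, the sample rows and the function names are constructed assumptions standing in for the poster's administrator table.

```php
<?php
// Added example. In-memory SQLite table as a constructed stand-in
// for the thread's `administrator` table (rows are made up).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE administrator (Admin_ID VARCHAR(10) PRIMARY KEY, Name TEXT)");
$pdo->exec("INSERT INTO administrator VALUES ('ADM01', 'Alice'), ('ADM02', 'Bob')");

// The quoted form from the thread: the value becomes part of the SQL text,
// so a quotation mark inside it is parsed as SQL syntax.
function find_interpolated(PDO $pdo, string $id): string
{
    try {
        $rows = $pdo->query("SELECT * FROM administrator WHERE Admin_ID='$id'")
                    ->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "SQL error";
    }
}

// Prepared statement: the id is bound as data and never parsed as SQL,
// so no manual quoting or escaping is involved.
function find_prepared(PDO $pdo, string $id): string
{
    $stmt = $pdo->prepare("SELECT * FROM administrator WHERE Admin_ID = :id");
    $stmt->execute([':id' => $id]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . " row(s)";
}

// Constructed values as they would arrive in $_GET['id'] (already URL-decoded):
// a normal id, an id containing a quote, and a value that rewrites the WHERE clause.
$inputs = ["ADM01", "AD'M01", "x' OR '1'='1"];
foreach ($inputs as $id) {
    printf(
        "%-14s interpolated: %-10s prepared: %s\n",
        $id,
        find_interpolated($pdo, $id),
        find_prepared($pdo, $id)
    );
}
```

The interpolated query errors on the second value and matches every row on the third, while the prepared statement treats both as ids that do not exist.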