colombian Posted April 10, 2008

I'm trying to figure out why this isn't working...

Here is the encode part, which works fine. (URL gets the added '+')

    <a href="seminar_content.php?seminar=<?php echo urlencode($name);?>"><?php echo $name;?></a>

However, when I try to decode it:

    $seminar = urldecode($_GET['seminar']);
    $query = "SELECT * FROM seminar_content WHERE title = {$seminar}";

The page errors out on the query with:

    --- Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'theft' at line 1 ---

Basically, the word right after the first '+' sign.

I tried the code above using rawurlencode and rawurldecode, and got the same results, only that it was the word after the '%20'. I tried using the htmlspecialchars function in front too, without luck.

Any help would be greatly appreciated!

Link to comment https://forums.phpfreaks.com/topic/100402-solved-urlencode-urldecode-failing-on-mysql-error/

uniflare Posted April 10, 2008

Try using mysql_escape_string on each value you use in the query, e.g.:

    $seminar = urldecode($_GET['seminar']);
    $query = "SELECT * FROM seminar_content WHERE title = ".mysql_escape_string($seminar);

Also make sure each value is enclosed in single quotes, e.g.:

    $seminar = urldecode($_GET['seminar']);
    $query = "SELECT * FROM seminar_content WHERE title = '".mysql_escape_string($seminar)."'";

And it's also a good idea to enclose fields/tables with backticks, e.g.:

    $seminar = urldecode($_GET['seminar']);
    $query = "SELECT * FROM `seminar_content` WHERE `title` = '".mysql_escape_string($seminar)."'";

Hope this helps,
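
The quoting problem discussed above can also be avoided by binding the title as a query parameter, shown here as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the function names `open_demo_db` and `find_seminar` and the sample rows are constructed for illustration.

```php
<?php
// Added example: function names, sample rows and the SQLite stand-in are assumptions.
// Against MySQL only the DSN passed to new PDO() changes.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE seminar_content (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $insert = $pdo->prepare('INSERT INTO seminar_content (title, body) VALUES (?, ?)');
    // Constructed sample rows: one title with a space, one with an apostrophe.
    foreach ([['identity theft', 'A'], ["buyer's guide", 'B']] as $row) {
        $insert->execute($row);
    }
    return $pdo;
}

// Look up a seminar by title. The value travels as a bound parameter, so the
// SQL parser never sees it: no manual quoting or escaping is involved.
function find_seminar(PDO $pdo, string $title): ?array
{
    $stmt = $pdo->prepare('SELECT id, title, body FROM seminar_content WHERE title = :title');
    $stmt->execute([':title' => $title]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();

// PHP URL-decodes query-string values before filling $_GET; parse_str() applies
// the same decoding to a constructed query string here.
parse_str('seminar=' . urlencode('identity theft'), $get);
var_dump($get['seminar']);

// The query shape from the first post: the unquoted value is parsed as SQL
// tokens, and the parser stops at the second word.
try {
    $pdo->query("SELECT * FROM seminar_content WHERE title = {$get['seminar']}");
} catch (PDOException $e) {
    echo "unquoted value: ", $e->getMessage(), "\n";
}

// Bound parameter: a space or an embedded apostrophe is matched as plain data.
var_dump(find_seminar($pdo, $get['seminar']));
var_dump(find_seminar($pdo, "buyer's guide"));
```
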

colombian (Author) Posted April 11, 2008

Thank you. When I looked at my code, I realized I had missed the single quotes... Just using that fixed it - thanks for reminding me of that.

On another note, what is the benefit of the backticks?

Thanks.

conker87 Posted April 11, 2008

Some field names can be reserved (i.e. date, time etc.); using backticks will allow PHP to check if it's a field or an actual function. Plus, I think it looks cleaner.

uniflare Posted April 12, 2008

It's also a good idea for cross-compatibility between MySQL versions.

This topic is now archived and is closed to further replies.