livingwells
Posted August 29, 2008

I am new to PHP and am trying to make a few changes to an existing website. How do I specify multiple category IDs in the URL?

Example: the current URL is http://mywebsite.com/search_category.php?catID=1

However, I want to display all listings in catID=1 and catID=6. These ID numbers are in the same column in the MySQL database. So basically, I want to display all listings from the catID column of my database that have a 1 or a 6.

I have tried ?catID=1&catID=6 but it didn't work.
I have tried ?catID=1,6 no work
I have tried ?catID=1|6 no work.

Any suggestions?

rhodesa
Posted August 29, 2008

you will have to modify your PHP to handle it. first, you need to settle on a URL format. you can do this (preferred):

    ?catid[]=1&catid[]=6

or this:

    ?catid=1,6

...let me know what you decide, and then post the PHP script that reads the value from $_GET['catid'] and queries the DB

livingwells
Posted August 29, 2008

I like the ?catID=1,6 format

I think this is the code that has to do with the catID

    if(isset($_REQUEST['catID']) && $_REQUEST['catID']!="0") {
        $catID = $_REQUEST['catID'];
        $sCriteria .= " and cat_ID = $catID ";
        $qString .= "catID=$catID&";
        $qStrLimit .= "catID=$catID&";
    }

rhodesa
Posted August 29, 2008

try replacing that with:

    if(isset($_REQUEST['catID']) && $_REQUEST['catID']!="0") {
        $catID = $_REQUEST['catID'];
        $sCriteria .= " and cat_ID IN ($catID) ";
        $qString .= "catID=$catID&";
        $qStrLimit .= "catID=$catID&";
    }

livingwells
Posted September 2, 2008

This worked perfectly! Thank you so much!

discomatt
Posted September 2, 2008

You're throwing potentially unsanitary variables into a query string. I recommend performing an escape function, or better yet, exploding and verifying each value is numeric.

Or using a regex like

    %\A[\d,]++\z%

cooldude832
Posted September 2, 2008

also as a php help "guru" I can't believe you are posting a solution using the $_REQUEST array. That is a bad array to use in general. use what reflects what u are using the best ($_GET or $_POST) in this case $_GET

discomatt
Posted September 2, 2008

> also as a php help "guru" I can't believe you are posting a solution using the $_REQUEST array. That is a bad array to use in general. use what reflects what u are using the best ($_GET or $_POST) in this case $_GET

Beyond the potential of accidental redefinition, I really don't see a problem with the $_REQUEST array.

cooldude832
Posted September 2, 2008

$_REQUEST is more of an issue of GET tainting POST than POST tainting GET but it shouldn't be used and i believe is removed in PHP6 along with other bad methods.

rhodesa
Posted September 2, 2008

I agree, you should use $_GET or $_POST vs $_REQUEST, and I also agree that you should escape any data using mysql_real_escape_string() before it gets put into the query. I was just trying to keep it simple by changing only the needed parts of the already existing code.

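The hardening suggested in the replies above (read from $_GET, split the list, verify each value is numeric, keep user input out of the SQL text), as an added example that is not code from any poster in this thread. It assumes PDO is available; the in-memory SQLite database, the `listings` table and the `parseCatIds` helper are hypothetical stand-ins, while `cat_ID`, `$sCriteria` and `$qString` come from the posted snippet.

```php
<?php
// Added example, not code from the thread.
// Parse "1,6" into unique positive integers; null if any element is not a plain decimal number.
function parseCatIds($raw, $maxIds = 50)
{
    if (!is_string($raw)) {
        return null;                         // rejects catID[]=... arrays
    }
    $ids = array();
    foreach (explode(',', $raw) as $part) {
        // ctype_digit() accepts only 0-9: signs, spaces, quotes and letters all fail here
        if (!ctype_digit($part) || strlen($part) > 9) {
            return null;
        }
        if ((int) $part > 0) {               // the thread's code treats "0" as "no filter"
            $ids[(int) $part] = (int) $part; // key by value to de-duplicate
        }
    }
    return (count($ids) > 0 && count($ids) <= $maxIds) ? array_values($ids) : null;
}

// Constructed demo data: in-memory SQLite stands in for the site's MySQL database,
// and the "listings" table and its "title" column are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE listings (title TEXT, cat_ID INTEGER)');
$pdo->exec("INSERT INTO listings VALUES ('a', 1), ('b', 2), ('c', 6)");

$samples = array('1,6', '6', '1,,6', '1, 6', '1;6', 'abc', '0');  // constructed inputs
foreach ($samples as $raw) {
    $catIds = parseCatIds($raw);             // on the real page: $_GET['catID']
    if ($catIds === null) {
        echo "rejected: $raw\n";
        continue;
    }
    // One "?" per id; the values are bound, never concatenated into the SQL text.
    $sCriteria = ' and cat_ID IN (' . implode(',', array_fill(0, count($catIds), '?')) . ') ';
    // Pagination links are rebuilt from the validated ids, not from the raw input.
    $qString = 'catID=' . urlencode(implode(',', $catIds)) . '&';

    $stmt = $pdo->prepare('SELECT title FROM listings WHERE 1=1' . $sCriteria);
    $stmt->execute($catIds);
    echo $qString . ' -> ' . implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN)) . "\n";
}
```

Because `$catID` sits unquoted inside `IN (...)` in the posted snippet, a quote-escaping function alone does not constrain it; validating each element as an integer or binding parameters does.
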
discomatt
Posted September 2, 2008

> $_REQUEST is more of an issue of GET tainting POST than POST tainting GET but it shouldn't be used and i believe is removed in PHP6 along with other bad methods.

I'd love to hear the source on this, as $_REQUEST is still fully supported, and as of 5.3.0 there are still related php.ini directives being added. ( http://php.net/manual/en/ini.core.php#ini.request-order )

$_REQUEST has uses, and in many ways encourages safer programming. It forces you to look at user-defined variables in a more global sense, rather than 2 separate input entities ( many still believe that POST has some magic form of increased security against manipulation ). The fact is that both are easily compromised, and both should be assumed to be 'tainted.' There is no security hole that opens up when using $_REQUEST over $_POST or $_GET that wasn't there to begin with.

The only advantage of using $_POST or $_GET instead of $_REQUEST is that you can have POST, GET and COOKIE variables with the same name holding different values.

Follow good coding practices, and $_REQUEST will not be an issue... but I still suggest using $_GET, $_POST and $_COOKIE over it. My point was simply that it is not a security issue.