strange $_get result??

shadiadiph · December 23, 2008

i am getting a strange result from $_get probably simple.

in the url it says /user/viewad.php?adid='39'

but when i use

$adid = $_GET["adid"];
$sql 	= "select * from tblproddetails where intProductID=$adid";

it produces an error and the error i get says SQL: select * from tblproddetails where intProductID=\'39\'

where are the \'39\' slashes coming from clearly says '39' in the url is there any easy fix for this?

ratcateme · December 23, 2008

what are the '' in the url for it should be

/user/viewad.php?adid=39

also you should use

 $adid = mysql_real_escape_string($_GET["adid"]);

it is a lot safer

MadTechie · December 23, 2008

You probably have magic quotes ON, turn them off in the php.ini file or use stripslashes()

ie

$adid = stripslashes($_GET["adid"]);
$sql    = "select * from tblproddetails where intProductID=$adid";

EDIT: infact if its an INT use this

$adid = (int)$_GET["adid"];
$sql    = "select * from tblproddetails where intProductID=$adid";

but for strings your need to stripslashes even before using mysql_real_escape_string

shadiadiph · December 23, 2008

solved it thanks had some extra '' on the php?adid='$adid'

time for me to get some sleep too tired thanks again guys

Recommended Posts