thangappan Posted February 5, 2009

I passed the psql query to another page using the http_build_array() function. In that, I have a problem receiving the query the same as I sent it.

Example:

$query = "select * from test where first_name ilike '%page%';";
$string = http_build_array(array('query' => $query));
echo "<script language=\"javascript\" > window.location=\"Pagination.php?$string\" </script>";

At the receiving end,

echo $_GET['query'];

It prints:

select * from test where first_name ilike \'%page%\';

In this page I want to execute this query. Because of the \, the database reports an error. Please solve my problem.

Link to comment https://forums.phpfreaks.com/topic/143883-passing-query-to-another-page/

corbin Posted February 5, 2009

From a security point of view, that's a terrible idea. Pass the page number, and then build the query.

But, the \ is most likely being added because of magic quotes.

thangappan (Author) Posted February 7, 2009

I found the answer to this question. Using the stripslashes() function, we can remove the \ in the string.

PFMaBiSmAd Posted February 7, 2009

I'll repeat what corbin already told you. DON'T pass a query string through a URL or any other method where the user has the ability to change it. As soon as a hacker finds your site, they will read every table in your database and then they will add, change, and delete your data.

ratcateme Posted February 7, 2009

Pass only the page number and run mysql_real_escape_string on it to avoid hackers doing stuff to your query.

Scott.

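The approach the replies recommend (send only the page number and build the query on the receiving page), as an added example that is not code from any post in the thread. It uses PDO prepared statements rather than the escaping function mentioned above, and runs against an in-memory SQLite table so it works offline; the `page` and `term` parameter names, `PER_PAGE`, the helper function names and the sample rows are assumptions.

```php
<?php
// Added example (not from the thread). Table and column names come from the first post;
// the "page"/"term" parameters, PER_PAGE and the helper names are assumptions.
const PER_PAGE = 2;

// Sending page: the link carries values only, never SQL text.
function page_link(int $page, string $term): string
{
    return 'Pagination.php?' . http_build_query(['page' => $page, 'term' => $term]);
}

// Accept only a positive integer page; anything else falls back to page 1.
function page_from_request(array $get): int
{
    $page = filter_var($get['page'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

// Receiving page: the SQL text is fixed here; request values are bound as parameters.
function fetch_page(PDO $db, array $get): array
{
    $term = is_string($get['term'] ?? null) ? $get['term'] : '';
    $page = page_from_request($get);
    // SQLite's LIKE is case-insensitive for ASCII; on PostgreSQL use ILIKE as in the thread.
    $stmt = $db->prepare(
        "SELECT id, first_name FROM test
          WHERE first_name LIKE :pat ESCAPE '\\'
          ORDER BY id LIMIT :lim OFFSET :off"
    );
    // Escape LIKE wildcards so the term matches literally between the two % signs.
    $stmt->bindValue(':pat', '%' . addcslashes($term, '%_\\') . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PER_PAGE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, first_name TEXT)');
$ins = $db->prepare('INSERT INTO test (first_name) VALUES (?)');
foreach (['Page', 'pageant', 'Rampage', "O'Neil", 'Scott'] as $name) {
    $ins->execute([$name]);
}
echo page_link(2, 'page'), "\n";
print_r(fetch_page($db, ['page' => '2', 'term' => 'page']));       // ordinary request
print_r(fetch_page($db, ['page' => 'x; --', 'term' => "O'Neil"])); // tampered values stay data
```

In the real Pagination.php the call would be `fetch_page($db, $_GET)` with a PostgreSQL connection; because no SQL text crosses the URL, magic quotes and stripslashes() no longer come into it.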
Archived
This topic is now archived and is closed to further replies.