php passing variables to url

[mcfmullen]

I have the following code that outputs a url. It searches my MySQL database for the name of a given item within a theme:

 

$relative = 'http://www.domain.com/wp-content/';
$url1= $relative . 'themes/arjuna-x/itemspec.php?type=';
$url2='&item=';

<a class="entry-thumbnails-link" href="<?php echo $url1.'Themes'.$url2.$rowThemes['Theme']; ?>">

 

The output is as follows:

http://www.domain.com/wp-content/themes/arjuna-x/itemspec.php?type=Themes&item=(insert variable here)

 

All is good up to this point.

 

My problem however, is that some items (in this case: theme names) have apostrophes in them. For example: April Fool's.

 

This results in breaking my php code.

 

How can I get php to call these variables with apostrophes so that they don't break my php?

[trq]

url_encode.

[mcfmullen]

My database isn't finding the item after retrieving it:

 

<a href="<?php echo $url1.'Themes'.$url2.urlencode($rowThemes['Theme']); ?>">

 

The url appears as:

http://www.domain.com/wp-content/themes/arjuna-x/itemspec.php?type=Themes&item=April+Fool%27s

 

My itemspec.php code:

<?php include("../../../wp-blog-header.php"); ?>

<?php
  if (isset($_GET['item'])) {

include("variables.php");

switch (trim($table)) {
    case 'Mystery':
$Name = 'Mystery';
break;
case 'Themes':
$Name = 'Theme';
break;
    default:
$Name = 'Name';
break;
}

switch (trim($table)) {
    case 'Themes':
$sql = "SELECT * FROM " . $table . " WHERE ". $Name . " = '" . mysql_real_escape_string($item) . "'";
break;
    default:
$sql = "SELECT * FROM " . $table . " LEFT JOIN " . $table . "Themes USING ($Name) LEFT JOIN " . $table . "Methods USING ($Name) WHERE " . $table . "." . $Name . " = '" . mysql_real_escape_string($item) . "'";
break;
}

    $answer = mysql_query($sql);
    if ($answer) {
      if (mysql_num_rows($answer) > 0) {
        $row = mysql_fetch_assoc($answer);
?>

BUNCH OF SITE STUFF


<?php
      } else {
        echo "No $table found by that name.";
    }
  } else {
    echo "No type found by that name.";
  } 
  } else {
    echo "No type or item selected.";
  }
?>

 

The error I'm getting is:

No Themes found by that name.

 

The code is working for those themes without postrophes.

[trq]

You will need to use url_decode on the processing end.

[mcfmullen]

I've tried using that to no avail.

 

I get the same error. I'm using a $_GET which if I understand correctly, automatically decodes anyway...

[trq]

Can you echo your query to see what the database is actually getting?

[hennzo]

Hi,

instead of urlencode(), use rawurlencode()

[mcfmullen]

Using rawurlencode and rawurldecode results in this being stored in the variable:

 

Children\'s Hospital

 

Using urlencode and urldecode results in this being stored in the variable:

 

UCSF Benioff Children\'s Hospital

 

 

So both methods result in the same incorrect output. Is there any way to rectify this?

[BlueSkyIS]

I suspect the apostrophes are in your data. If so, you'll need to either fix your data (best idea), or use strip_slashes() on the values to remove the slash in front of special characters.

[mcfmullen]

I don't see what the logic is in "fixing" my data.

 

Some thing simply need apostrophes. Why are slashes inserted to begin with anyway?

[BlueSkyIS]

IF the slashes are in your database, there is no way for us to know how they got there unless you explain how the data is entered. Are the slashes in your data?

 

IF there are slashes in your data, you probably don't want them there, so fixing your data (and fixing whatever is adding slashes) seems logical to me. The alternative is to leave everything malfunctioning and write additional code to get around the problem. always.

[mcfmullen]

Ah, I thought you were talking about the apostrophes and not the slashes.

 

 

The slashes are defininately not in the database. I have no clue what is causing the slashes to appear.

 

The url is called using this:

<a class="entry-thumbnails-link" href="<?php echo $url1.'Themes'.$url2.urlencode($rowThemes['Theme']); ?>">

 

Where:

 

$relative = 'http://www.domain.com/wp-content/';
$url1= $relative . 'themes/itemspec.php?type=';
$url2='&item=';

 

with $rowThemes['Theme'] containing the Theme name (in this case: Children's Hosiptal).

 

The url results in this:

http://localhost/wp-content/themes/itemspec.php?type=Themes&item=Children%27s%20Hospital

 

the item is then called using this:

$item = stripslashes(urldecode($_GET['item']));

 

 

Obviously, I would prefer it if I did not have to use stripslashes.

[BlueSkyIS]

Okay, it must be the server adding slashes to GET variables due to magic_quotes being turned on. You'll need to either continue using stripslashes() or turn off magic_quotes via php.ini. Or account for both possibilities by checking for magic_quotes before using stripslashes():

 

if (get_magic_quotes_gpc()) {
$item = stripslashes($item);
}

[mcfmullen]

Thank you so much!