Niall_ Posted January 15, 2011 Share Posted January 15, 2011 Hi, I am new trying to make a simple test iPhone app that reads data from a MySql server via php get method. As a test I used a 'film' database but soon realised that if the get method contains two words '%20' is added to the middle. As a workaround, I tried: if (strpos($_GET['film'], '%20') !==false) $film = str_replace("%20", " ", $_GET['film']; else $_GET[film]=$film; and then appending $film to the end of my sql query. I have tried many variations of this but cannot get it to work! Any advice would be much appreciated. Niall Quote Link to comment Share on other sites More sharing options...
Bradley99 Posted January 15, 2011 Share Posted January 15, 2011 To my knowledge to must use this command: getCommands() Like so: function getCommands() { $films = array(); foreach( $this->_commands as $films ) { $selected_film []= $selected_film['title']; } return $films; ? I am not fully knowledgeable on Iphone Apps so i may be wrong. Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted January 15, 2011 Share Posted January 15, 2011 $film=$_GET['film']; $replace=array("%20"); $film=str_replace($replace, ' ', $film); echo $film; Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted January 15, 2011 Share Posted January 15, 2011 You're over thinking the problem. Just use urldecode on the incoming string: <?php $film = urldecode($_GET['film']); ?> Ken Quote Link to comment Share on other sites More sharing options...
Niall_ Posted January 15, 2011 Author Share Posted January 15, 2011 Many thanks for the replies, having looked up urldecode, that option is exactly what I was trying to do. However, it does not seem to work alongside the sql that I am using. The first line works as desired but the second with the urldecode does not: $rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='$_GET[film]'"); $rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='urldecode($_GET[film])'"); Any suggestions? Thanks again for the help! Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 15, 2011 Share Posted January 15, 2011 You can't just toss a php function into a string like that; you'd need to run the data through the function first, or concatenate the function into the string. So this: $film = urldecode($_GET['film']); $rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='$film'"); Or this: $rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='" . urldecode($_GET[film]) . "'"); P.S. You also really, really, really need to be sanitizing any user-supplied data before allowing it into a query string. Quote Link to comment Share on other sites More sharing options...
Niall_ Posted January 15, 2011 Author Share Posted January 15, 2011 Thanks for quick reply Pikachu, I had also tried your first method previously but no luck. Thought it may have been a syntax error before so tried every other possible variation of (), [], ", '. The second method does not return any results either. For some reason it will only return results when submitted from: $rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='$_GET[film]'"); Thanks also for advice malicious code being passed from user. Have not taken this into account yet as only prototype for a project I'm doing on localhost. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 15, 2011 Share Posted January 15, 2011 If the results are being returned by using $_GET['film'] in the query string, may I ask what makes you think you need to do anything like use urldecode()? Quote Link to comment Share on other sites More sharing options...
Niall_ Posted January 15, 2011 Author Share Posted January 15, 2011 Should have put this in the original post - The user queries from the iphone application. The query is returned perfectly to the php script if it only contains one word. Any more than that I'm getting a nil array so came to the conclusion it was returning for example: http://localhost:8888/title.php?film=Black%20Swan Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 15, 2011 Share Posted January 15, 2011 What is the form written in? Quote Link to comment Share on other sites More sharing options...
Niall_ Posted January 15, 2011 Author Share Posted January 15, 2011 There is no html form. The app is calling the php script from the below objective-c method: - (void)updateString { self.string = searchtext.text; label.text = self.string; NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"http://localhost:8888/title.php?film=%@",searchtext.text]]; NSString *jsonreturn = [[NSString alloc] initWithContentsOfURL:url]; // Pulls the URL NSData *jsonData = [jsonreturn dataUsingEncoding:NSUTF32BigEndianStringEncoding]; NSError *error = nil; NSDictionary * dict = [[CJSONDeserializer deserializer] deserializeAsDictionary:jsonData error:&error]; if (dict) { rows = [dict objectForKey:@"films"]; [rows retain]; } NSLog(@"Array: %@",rows); [jsonreturn release]; NSLog(@"result after rel: %@", searchtext.text); } Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 15, 2011 Share Posted January 15, 2011 If the value is actually being sent with the space encoded as '%20', then you'd need to use rawurldecode, but I'm not sure what you mean when you say it's a nil array. Quote Link to comment Share on other sites More sharing options...
Niall_ Posted January 15, 2011 Author Share Posted January 15, 2011 Thanks again for the help, still no joy with rawurldecode(). That should have been null array not nil array - from app console: 2011-01-15 22:22:18.349 json_test[73525:207] Array: (null) 2011-01-15 22:22:18.351 json_test[73525:207] result after rel: avatar Result from rawurldecode and amended php. Whereas this is what it looks like for a single word title without any rawurldecode() Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.