Jump to content

Simple Get function not working from URL


Queueon
Go to solution Solved by Ch0cu3r,

Recommended Posts

Hi,

 

I'm going crazy with the following issue. I kept it simple for you to understand it quickly.

 

The URL: http://localhost/savescores.php?score=222

 

<?php

$score = strip_tags(mysql_real_escape_string($_GET['score']));

ECHO "Test 1";
ECHO "<h1>Your score is " . $_GET["score"] . "</h1>"; //Working!

ECHO "Test 2";
ECHO "<h1>Your score is $score</h1>";  //Not working!

?>

So the first echo test is working but its gets the information in another way as you can see.
I need the second test to work because then I will be able to write the variable back into a database using url vars on a later stage.

When I change the var $score manually to e.g. $score = '222'. Then all is working fine. I need it to work with the use of the URL.

Anyone who can help?

 

Link to comment
Share on other sites

Have you connected to the database? If not, mysql_real_escape_string() will not work (But, you should not be using the mysql_ functions anymore anyways). My guess is that the function is failing and returning FALSE (The Boolean value, not the string). Try running this to verify what, exactly $score contains:

var_dump($score);
Edited by Psycho
Link to comment
Share on other sites

mysql_real_escape_string() requires a database connection to work. therefore, you are getting a null value in $score and should be getting several php error messages.

 

so, three problems -

 

1) you need to have php's error_reporting set to E_ALL and display_errors set to ON in the php.ini on your development system so that php would help you by reporting and displaying all the errors that it detects. you will save a ton of time.

 

2) don't use any database escape string function until right before you put data into your sql query statement (it's actually better to use prepared queries anyways.)

 

3) the msyql_ functions are obsolete and will be removed from php soon. you need to learn using the PDO (the best choice) or the mysqli_ database functions so that what you are learning isn't already out of date.

Link to comment
Share on other sites

Thanks for the answers. As you might have noticed I'm a newbie and didn't realise that GET needs a connection.

However, in my original code I'm having the same issue. The DB is updated with nothing or an empty string. At least it is connected.

<?php

$servername
= "localhost";
$username = "username";
$password = "password";
$dbname = "dbname";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

//$id = strip_tags(mysql_real_escape_string($_GET['id']));
$score = strip_tags(mysql_real_escape_string($_GET['score']));

$sql = "UPDATE users SET score_03='$score' WHERE id=2";

if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}

$conn->close();
?>

I will take your suggestions in consideration and step back to learn more about PDO or mysqli.

Thanks a lot.

Link to comment
Share on other sites

  • Solution

 

As you might have noticed I'm a newbie and didn't realise that GET needs a connection.

No, You misunderstood Psycho and mac_gyver replies please read them again.

 

 

I'm having the same issue. The DB is updated with nothing or an empty string. At least it is connected.

Yes you are connected to the DB using mysqli (mysql improved). But you are using mysql_real_escape_string function which is not compatible with MySQLi Improved.  The mysql_ functions and mysqli_ functions (note the i after mysql) are not compatible with each other.

 

The mysql improved equivalent is mysqli_real_escape_string (has an i after mysql).

 

However reading your post score should only contain a number, then you should not be using mysqli_real_escape_string. This function is should only be used for escaping string values, such as a persons name, contents of a blog post etc. Not for numbers. What you should do is only insert the new score value if $_GET['score'] is in fact a number.

// validate $_GET['score'] exists and consist of digits
if(isset($_GET['score']) && ctype_digit($_GET['score']))
{
   // assign $_GET['score'] to $score and convert to an integer (whole number)
   $score = intval($_GET['score']);

   $sql = "UPDATE users SET score_03='$score' WHERE id=2";

   if ($conn->query($sql) === TRUE) {
      echo "Record updated successfully";
   } else {
      echo "Error updating record: " . $conn->error;
   }
}
else
{
    echo "Submitted score is invalid";
}
Edited by Ch0cu3r
Link to comment
Share on other sites

Alright I tested your code and it's working exactly how I need it.

In the meanwhile, for me this is still a real brain breaker and luckily for now I don't need much more code for my application (Construct 2).

 

I think I would have been trying for another few weeks by myself.

 

In the other hand, it's definitely interesting to know more about MySQL.

Do you have a book or site as a reference for me to start reading from the beginning and not dive straight into it like I'm doing now?

 

Many thanks Ch0cu3r, Psycho and Mc_gyver for your help. I'd need pay you a beer someday.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.