
[SOLVED] Problems using $_GET


nubble


Hey folks - I'm trying to filter a set of records by a variable that gets passed (either "sex" or "price") - e.g. filter.php?sex=female - by using the $_GET function.  What I have now is not working (at all) - I get a blank page, no error codes, nothing.  Can't figure out what the heck is going wrong.  Would love any help!

 

-Amy

 

<?php
$query = "SELECT `snakeID`, `locality`, `sex`, `price`, `status`, `birthyear` FROM `general` WHERE `status` LIKE 'available' and `price`=".$_GET['price']." and  `sex`=."$_GET['sex']."";
$result=mysql_query($query);
$num=mysql_num_rows($result);

$j = 0;
echo "<tr>";

while($row = mysql_fetch_assoc($result)){
$j++;
echo '<td width="25%"><table width="100%" cellpadding="0" cellspacing="10" class="crittergrid"><tr><td width="85" valign="top" ><a href="';
echo $row['snakeID'];
echo '.php"><img src="/images/chondros/';
echo $row['snakeID'];
echo '_tn.jpg" alt="Green Tree Python for Sale" width="85" height="85" border="0"></a><br><br><b>ID:</b> ';
echo $row['snakeID'];
echo '<br><b>Sex: </b>';
echo $row['sex'];
echo '<br><b>Type: </b>';
echo $row['locality'];
echo '<br><b>Price</b>: $';
echo $row['price'];
echo '<br><b>Sex:</b> ';
echo $row['sex']. '<br />';
echo '<br><br><a href="';
echo $row['snakeID'];
echo '"><img src="/images/learn_more.jpg" width="85" height="20" border="0"></a></td></tr></table></td>';
if ($j == 4) {
    $j = 0;
    echo "</tr><tr>";
  }
}
?>


Try this:

 

<?php
$query = "SELECT `snakeID`, `locality`, `sex`, `price`, `status`, `birthyear` FROM `general` WHERE `status` LIKE 'available'";
if(isset($_GET['price']))
$query .= " AND price='".$_GET['price']."'";
if(isset($_GET['sex']))
$query .= " AND sex='".$_GET['sex']."'";
$result=mysql_query($query);
$num=mysql_num_rows($result);

$j = 0;
echo "<tr>";

while($row = mysql_fetch_assoc($result)){
$j++;
echo '<td width="25%"><table width="100%" cellpadding="0" cellspacing="10" class="crittergrid"><tr><td width="85" valign="top" ><a href="';
echo $row['snakeID'];
echo '.php"><img src="/images/chondros/';
echo $row['snakeID'];
echo '_tn.jpg" alt="Green Tree Python for Sale" width="85" height="85" border="0"></a><br><br><b>ID:</b> ';
echo $row['snakeID'];
echo '<br><b>Sex: </b>';
echo $row['sex'];
echo '<br><b>Type: </b>';
echo $row['locality'];
echo '<br><b>Price</b>: $';
echo $row['price'];
echo '<br><b>Sex:</b> ';
echo $row['sex']. '<br />';
echo '<br><br><a href="';
echo $row['snakeID'];
echo '"><img src="/images/learn_more.jpg" width="85" height="20" border="0"></a></td></tr></table></td>';
if ($j == 4) {
    $j = 0;
    echo "</tr><tr>";
  }
}
?>

 

Orio.


First rule of $_GET and $_POST you do NOT put them straight into a query, SECOND rule of $_GET and $_POST YOU DO NOT PUT THEM STRAIGHT INTO A QUERY!

 

First you should mysql_real_escape_string($_GET['varname']);

 

TO PREVENT some kiddie from deleting data via sql injection.

 

As for the actual problem I do not really see anything wrong, but yea obey the first 2 rules!

 


Thanks for all the help everyone.  Here's the code I ended up with.  Seems to be working (yay!!!!)... but of course there is some new friggin issue :) 

 

This works: http://sprucenubblefarm.com/chondros/filter.php

This works: http://sprucenubblefarm.com/chondros/filter.php?price=750

This works: http://sprucenubblefarm.com/chondros/filter.php?price=750&sex=Male

This Doesn't: http://sprucenubblefarm.com/chondros/filter.php?sex=Female

 

What the heck?

 

<?php

$query = "SELECT `snakeID`, `locality`, `sex`, `price`, `status`, `birthyear` FROM `general` WHERE `status` LIKE 'available'";
if(isset($_GET['price']))
$query .= " AND price='".$_GET['price']."'";
mysql_real_escape_string($_GET['price']);

if(isset($_GET['sex']))
$query .= " AND sex='".$_GET['sex']."'";
mysql_real_escape_string($_GET['sex']);
$result=mysql_query($query);
$num=mysql_num_rows($result);

$j = 0;
echo "<tr>";

while($row = mysql_fetch_assoc($result)){
$j++;
echo '<td width="25%"><table width="100%" cellpadding="0" cellspacing="10" class="crittergrid"><tr><td width="85" valign="top" ><a href="';
echo $row['snakeID'];
echo '.php"><img src="/images/chondros/';
echo $row['snakeID'];
echo '_tn.jpg" alt="Green Tree Python for Sale" width="85" height="85" border="0"></a><br><br><b>ID:</b> ';
echo $row['snakeID'];
echo '<br><b>Sex: </b>';
echo $row['sex'];
echo '<br><b>Type: </b>';
echo $row['locality'];
echo '<br><b>Price</b>: $';
echo $row['price'];
echo '<br><b>Sex:</b> ';
echo $row['sex']. '<br />';
echo '<br><br><a href="';
echo $row['snakeID'];
echo '"><img src="/images/learn_more.jpg" width="85" height="20" border="0"></a></td></tr></table></td>';
if ($j == 4) {
    $j = 0;
    echo "</tr><tr>";
  }
}
?>


an fyi this:

 

if(isset($_GET['sex']))
$query .= " AND sex='".$_GET['sex']."'";
mysql_real_escape_string($_GET['sex']);


SHOULD BE

// note with ifs that have multiple lines need to have curly braces.
if(isset($_GET['sex'])) {
$query .= " AND sex='".$_GET['sex']."'";
             // note the variable must be reset.
$_GET['sex'] = mysql_real_escape_string($_GET['sex']);
}

 

 


Your script does work...

But you have the wrong order... Do it this way:

 

<?php

$query = "SELECT `snakeID`, `locality`, `sex`, `price`, `status`, `birthyear` FROM `general` WHERE `status` LIKE 'available'";
if(isset($_GET['price']))
{
$price = (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($_GET['price'])) : mysql_real_escape_string($_GET['price']);
$query .= " AND price='".$price."'";
} // close the price block so the sex filter is checked independently
if(isset($_GET['sex']))
{
$sex = (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($_GET['sex'])) : mysql_real_escape_string($_GET['sex']);
$query .= " AND sex='".$sex."'";
}
$result=mysql_query($query);
$num=mysql_num_rows($result);

$j = 0;
echo "<tr>";

while($row = mysql_fetch_assoc($result)){
$j++;
echo '<td width="25%"><table width="100%" cellpadding="0" cellspacing="10" class="crittergrid"><tr><td width="85" valign="top" ><a href="';
echo $row['snakeID'];
echo '.php"><img src="/images/chondros/';
echo $row['snakeID'];
echo '_tn.jpg" alt="Green Tree Python for Sale" width="85" height="85" border="0"></a><br><br><b>ID:</b> ';
echo $row['snakeID'];
echo '<br><b>Sex: </b>';
echo $row['sex'];
echo '<br><b>Type: </b>';
echo $row['locality'];
echo '<br><b>Price</b>: $';
echo $row['price'];
echo '<br><b>Sex:</b> ';
echo $row['sex']. '<br />';
echo '<br><br><a href="';
echo $row['snakeID'];
echo '"><img src="/images/learn_more.jpg" width="85" height="20" border="0"></a></td></tr></table></td>';
if ($j == 4) {
    $j = 0;
    echo "</tr><tr>";
  }
}
?>

 

 

Orio.


Uh oh Orio got fancy with the get_magic_quotes =) That is truly the right way to go, but I would create a function if you are going to use it extensively, IE: function fixInput($string) that returns the string escaped etc. =)

 

Nj for showing that orio.


TKS for the FYI & all the help - updated the script as suggested and it does work.  I can't get ?sex=Female to work tho...  Thought I'd try something out - http://sprucenubblefarm.com/chondros/filter.php?sex=Unknown and that seems to work fine... ugh.  Anyone know if there is a known issue with "male" being part of the word "female" or something??

 

Also, I want you all to know how much you friggin rule - I'm wicked impressed :)  One day this young Padawan hopes to learn the many Jedi PHP tricks she has seen on this board. 

 

<?php

$query = "SELECT `snakeID`, `locality`, `sex`, `price`, `status`, `birthyear` FROM `general` WHERE `status` LIKE 'available'";
if(isset($_GET['price']))
{
$price = (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($_GET['price'])) : mysql_real_escape_string($_GET['price']);
$query .= " AND price='".$price."'";
}
if(isset($_GET['sex']))
{
$sex = (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($_GET['sex'])) : mysql_real_escape_string($_GET['sex']);
$query .= " AND sex='".$sex."'";
}


$result=mysql_query($query);
$num=mysql_num_rows($result);

$j = 0;
echo "<tr>";

while($row = mysql_fetch_assoc($result)){
$j++;
echo '<td width="25%"><table width="100%" cellpadding="0" cellspacing="10" class="crittergrid"><tr><td width="85" valign="top" ><a href="';
echo $row['snakeID'];
echo '.php"><img src="/images/chondros/';
echo $row['snakeID'];
echo '_tn.jpg" alt="Green Tree Python for Sale" width="85" height="85" border="0"></a><br><br><b>ID:</b> ';
echo $row['snakeID'];
echo '<br><b>Sex: </b>';
echo $row['sex'];
echo '<br><b>Type: </b>';
echo $row['locality'];
echo '<br><b>Price</b>: $';
echo $row['price'];
echo '<br><b>Sex:</b> ';
echo $row['sex']. '<br />';
echo '<br><br><a href="';
echo $row['snakeID'];
echo '"><img src="/images/learn_more.jpg" width="85" height="20" border="0"></a></td></tr></table></td>';
if ($j == 4) {
    $j = 0;
    echo "</tr><tr>";
  }
}
?>


Cool - thanks frost for the 411.  So now I can sort by female (yay!!) - but the actual data from the "sex" field won't print.  I feel like I'm in the deep end of the pool here...  ???

 

http://sprucenubblefarm.com/chondros/filter.php?sex=female

 

<?php

$query = "SELECT `snakeID`, `locality`, LOWER(`sex`), `price`, `status`, `birthyear` FROM `general` WHERE `status` LIKE 'available'";
if(isset($_GET['price']))
{
$price = (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($_GET['price'])) : mysql_real_escape_string($_GET['price']);
$query .= " AND price='".$price."'";
}
if(isset($_GET['sex']))
{
$sex = (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($_GET['sex'])) : mysql_real_escape_string($_GET['sex']);
$sex = strtolower($sex);
$query .= " AND sex='".$sex."'";
}


$result=mysql_query($query);
$num=mysql_num_rows($result);

$j = 0;
echo "<tr>";

while($row = mysql_fetch_assoc($result)){
$j++;
echo '<td width="25%"><table width="100%" cellpadding="0" cellspacing="10" class="crittergrid"><tr><td width="85" valign="top" ><a href="';
echo $row['snakeID'];
echo '.php"><img src="/images/chondros/';
echo $row['snakeID'];
echo '_tn.jpg" alt="Green Tree Python for Sale" width="85" height="85" border="0"></a><br><br><b>ID:</b> ';
echo $row['snakeID'];
echo '<br><b>Sex: </b>';
echo $row['sex'];
echo '<br><b>Type: </b>';
echo $row['locality'];
echo '<br><b>Price</b>: $';
echo $row['price'];
echo '<br><br><a href="';
echo $row['snakeID'];
echo '"><img src="/images/learn_more.jpg" width="85" height="20" border="0"></a></td></tr></table></td>';
if ($j == 4) {
    $j = 0;
    echo "</tr><tr>";
  }
}
?>
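
The filter from this thread written with PDO prepared statements, as an added example that is not code from any poster: request values are bound as parameters instead of being escaped and concatenated, and `LOWER(sex)` is given an alias so that `$row['sex']` is populated. The in-memory SQLite database, the sample rows, and the helper names `buildFilter` and `findSnakes` are assumptions made for the illustration; the `mysql_*` functions used in the thread were removed in PHP 7.

```php
<?php
// Added example. Table and rows are constructed, using the thread's column names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE general (snakeID TEXT, locality TEXT, sex TEXT, price INTEGER, status TEXT)");
$pdo->exec("INSERT INTO general VALUES
    ('GTP01', 'Aru',  'Male',   750, 'available'),
    ('GTP02', 'Biak', 'Female', 750, 'available'),
    ('GTP03', 'Jaya', 'Female', 900, 'sold')");

// Hypothetical helper: builds the SQL text and the values to bind.
// Request data only ever goes into $params, never into the SQL string.
function buildFilter(array $get): array
{
    // Without the alias, MySQL names this column LOWER(`sex`), so $row['sex'] is unset.
    $sql = "SELECT snakeID, locality, LOWER(sex) AS sex, price"
         . " FROM general WHERE status = 'available'";
    $params = [];
    // Price must be all digits; anything else is ignored rather than passed on.
    if (isset($get['price']) && is_string($get['price']) && ctype_digit($get['price'])) {
        $sql .= " AND price = :price";
        $params[':price'] = (int) $get['price'];
    }
    if (isset($get['sex']) && is_string($get['sex'])) {
        $sql .= " AND LOWER(sex) = :sex";   // case-insensitive match
        $params[':sex'] = strtolower($get['sex']);
    }
    return [$sql, $params];
}

function findSnakes(PDO $pdo, array $get): array
{
    [$sql, $params] = buildFilter($get);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: two ordinary filters, then a value containing a quote.
$requests = [['sex' => 'Female'], ['price' => '750', 'sex' => 'male'], ['sex' => "fe'male"]];
foreach ($requests as $get) {
    $rows = findSnakes($pdo, $get);
    echo count($rows), " row(s)\n";
    foreach ($rows as $row) {
        // Encode on output so stored values cannot inject markup into the page.
        echo htmlspecialchars("{$row['snakeID']} {$row['sex']} \${$row['price']}", ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The value containing a quote is compared as data and simply matches no rows, because the statement text is fixed before any request value is supplied.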
