Forum Moderators: coopster


<A href problem

How to place spaces in href?

         

mcibor

9:14 pm on Dec 17, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I want to send sql question through _GET. When I write
onclick="self.location.href='index.php?id1=1&q=SELECT * FROM base WHERE id='4'"
everything is fine. The problem comes when I want to do this through <a href

This wouldn't be such a problem, however I do change all spaces to %20 etc, so it looks like:
<a href=index.php?id1=1&q=SELECT%20*%20FROM%20base%20WHERE%20id=%274%27">
And it doesn't work. If I place mouse over the link all the %20 are translated to spaces automatically and I get $_GET["z"] empty string.

What to do?
With best Christmas wishes

Michal Cibor

evinrude

9:20 pm on Dec 17, 2004 (gmt 0)

10+ Year Member



I don't really know the solution to your problem. I just wanted to point out that sending sql through the url like that is incredibly insecure. What do you have in place to prevent someone rewriting the get information to do bad things to the database?

mcibor

9:27 pm on Dec 17, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So what would you recommend? On the other hand, I'm storing last question in a database, so I think you're right. I shall change it at once!

Thnx

However, about the question: I'm really intrigued why it happened. Can anyone answer me?

jatar_k

11:46 pm on Dec 17, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



why?

the first thing I notice is $_GET["z"]. Shouldn't that be $_GET['q']? I don't see a z listed as a param in the query string.

evinrude is spot on, never ever pass queries in your url. The more someone knows about your db the more likely it is to be exploited/destroyed.

this url entered by someone, would cause an issue I would think

index.php?id1=1&q=DELETE FROM base // don't try this url as it may delete the contents of the base table

I would go with something like this though. Given this url
index.php?id1=1&q=SELECT * FROM base WHERE id='4'

changed to
index.php?id1=1&q=4

and in index.php you could have something like

if (isset($_GET['q']) && is_numeric($_GET['q'])) {
    // only a numeric value is accepted from the url; the query text itself stays in the script
    $query = "SELECT * FROM base WHERE id='" . $_GET['q'] . "'";
    $statement = mysql_query($query);
}

or something to that effect.
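
The same idea with a bound parameter instead of string concatenation, as an added example that is not part of the original post. The helper `fetch_row_by_id()`, the `name` column and the sample rows are assumptions; the table `base` and the parameter `q` come from the posts above.

```php
<?php
// Added example (not from the thread). fetch_row_by_id() is a hypothetical helper.
function fetch_row_by_id(PDO $db, $raw): ?array
{
    // Accept only a positive integer; reject anything else before it reaches SQL.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The SQL text is fixed on the server; the value is bound, never concatenated.
    $stmt = $db->prepare('SELECT id, name FROM base WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE base (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO base (id, name) VALUES (4, 'row four'), (5, 'row five')");

// Values as they could arrive in $_GET['q'] (constructed).
$inputs = ['4', "4' OR '1'='1", 'DELETE FROM base', '1e3', ''];
foreach ($inputs as $q) {
    $row = fetch_row_by_id($db, $q);
    printf("%-20s => %s\n", var_export($q, true), $row ? json_encode($row) : 'rejected');
}

// The table is checked again after all requests have been handled.
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM base')->fetchColumn(), "\n";
```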

mcibor

8:38 pm on Dec 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Okay, okay! I agree. It was a bad example of passing a SQL question.
It should be $_GET["q"], not z. I just use z in my questions, therefore the mistake.

I have completely changed my code and am passing the question through database. But the main question stays:

Why does the mozilla translate %20 in <a href into spaces so that $_GET doesn't see it? In source (view -> source) it's not translated.

Is there anyone out there, that can answer my question?

Merry Christmas
Michal Cibor

jatar_k

5:34 am on Dec 20, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



because a space is not valid in a url, it needs to be %20

mcibor

8:26 am on Dec 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I know Jatar. I'm not so stupid as to put space in <a href, I put %20. The href looks like:

<a href="index.php?id=1&text=Mr%20Smith"

however if I place my mouse over this link in Mozilla I see it translated into:
bla.com/index.php?id=1&text=Mr Smith

and in the variable $_GET["text"] is only Mr.

That's the main problem, which I don't understand.

coopster

2:15 pm on Dec 21, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Are you doing any type of url rewriting (mod_rewrite)?

mcibor

3:42 pm on Dec 22, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes. I use the str_replace([array], [array], ) function, to do it to and fro.
The generated html looks fine (in the view source mode), on mouse over the link in status there are still spaces
source: <a href=i.html?t=Hello%20World>
status: i.html?t=Hello World

Now it's just a curiosity. At first I was (badly) passing the sql question into a frame (now I'm passing it through a database, not efficient, but enough for me).

So what I would like to gain from this answer is not an all-around way how to do it (I could just change " " into eg "h-v-space"), but a rational explanation why Mozilla (not sure now which version, but I'm using the latest Aurox) translates %20 into " " and doesn't pass it into the url, so I don't get the whole text in $_GET["t"].

Merry Christmas Webmasterworld and everyone!

coopster

6:30 pm on Dec 23, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



The status bar doesn't show the %20, nor any other encoding. It doesn't in my versions of Mozilla-based browsers nor does it in MS IE. I can hover over a link and in the status bar the link looks just like if I would have typed it.

The variable and its value do get passed in the query string, though. Completely, no breaks after spaces or otherwise. Here's a simple test:

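<pre>
<?php
// Echo the parsed query string, HTML-escaped so a crafted value cannot inject markup.
if (isset($_GET['name'])) {
    print htmlspecialchars(print_r($_GET, true));
}
?>
<a href="<?php
// PHP_SELF can carry extra path info from the request, so escape it before output.
print htmlspecialchars($_SERVER['PHP_SELF']) . '?name=Mr. Smith';
?>">Click here</a>
</pre>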
By the way, I was asking if you are using an Apache RewriteRule of some sort. Not str_replace(). If you are using mod_rewrite, there may be something in your rule that is parsing your query string incorrectly.
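
One way the truncation described in this thread can arise, shown as an added example that is not part of the original posts: if the `%20` is turned back into a space before output and the `href` is left unquoted, as in the `<a href=i.html?t=Hello%20World>` sample above, an HTML parser ends the attribute value at the space. The thread does not confirm this as the cause; `href_of()`, `query_value()` and `make_link()` are hypothetical helpers and the markup is constructed.

```php
<?php
// Added example, not from the thread. All helper names are hypothetical.

// Return the href that an HTML parser extracts from the first <a> in $html.
function href_of(string $html): string
{
    libxml_use_internal_errors(true);   // tolerate sloppy markup quietly
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('a')->item(0)->getAttribute('href');
}

// Return parameter $name as PHP would decode it from the query string of $href.
function query_value(string $href, string $name): ?string
{
    parse_str((string) parse_url($href, PHP_URL_QUERY), $params);
    return $params[$name] ?? null;
}

// Build a link: values percent-encoded, attribute quoted and HTML-escaped.
function make_link(string $page, array $params, string $label): string
{
    $url = $page . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed markup: the link once %20 has been replaced by a real space
// and the attribute is written without quotes.
$broken = '<a href=i.html?t=Hello World>link</a>';
$fixed  = make_link('i.html', ['t' => 'Hello World'], 'link');

foreach (['broken' => $broken, 'fixed' => $fixed] as $kind => $html) {
    $href = href_of($html);
    printf("%-6s href=%s  t=%s\n", $kind, var_export($href, true),
           var_export(query_value($href, 't'), true));
}
```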