how get a query from address and use it in script

Forum Moderators: coopster

Message Too Old, No Replies

how get a query from address and use it in script

D_Murphy

4:14 am on Nov 27, 2006 (gmt 0)

Hello,

I am trying to get a query from the adress (e.g. /index.php?query=1 )

and print it in the script

this is the portion of the script i want it to print in


<? $query ="THIS IS WHERE I WANT IT TO PRINT";
echo $query;
 $query = $data->query($query);
while ($pic = $data->fetch_array($query)){?>

As you can see its very simple i just dont know how to print the query in?query

Any help would be appreciated :)

Thank You
D. Murphy

Psychopsia

4:33 am on Nov 27, 2006 (gmt 0)

Hi!
Check out predefined variables [php.net] in the PHP manual.

Should be something like:

$query = 'SELECT * FROM table WHERE id = ' . (int) $_GET['query'];

eelixduppy

12:05 pm on Nov 27, 2006 (gmt 0)

Remember, if the variable is a string you don't want to cast it to type "int", but rather use mysql_real_escape_string [us2.php.net] to escape the string for the query.

Oh, btw, Welcome to WebmasterWorld, D_Murphy! ;)

phparion

12:21 pm on Nov 27, 2006 (gmt 0)

well, if i am following you right then do this,

echo $_GET['query'];

/*if you have $query shown in the URL then you can fetch it using GET global array and if you are posting a form using POST method then use $_POST i.e POST array, if it is coming in cookies then use $_COOKIE and for sessions $_SESSION global arrays ... you need to use global arrays in fact :)
*/

btw make sure it is an integer value otherwise you can do type-casting before using it in the code using (int)

D_Murphy

7:00 pm on Nov 27, 2006 (gmt 0)

Thank you phparian that worked perfect :)

jatar_k

4:41 pm on Nov 28, 2006 (gmt 0)

you should really check that var before using it in a query

you could use ctype_digit [php.net] or is_numeric [php.net]

Psychopsia

5:16 pm on Nov 28, 2006 (gmt 0)

Also, you can use settype [php.net]:

$query = $_GET['query'];
settype($query, 'int');
echo gettype($query) . ' > ' . $query;

jatar_k

5:17 pm on Nov 28, 2006 (gmt 0)

there is no need to change input, it will actually mess things up

test to see if the input is of the expected type, if not, show them an error

look at what happens if you use settype and someone put a string in the url

Psychopsia

5:40 pm on Nov 28, 2006 (gmt 0)

look at what happens if you use settype and someone put a string in the url

With settype($str, 'int') if there's a number before any char, returns just the first numbers (555), else returns 0:

$query = '555vasd45465sdas';
settype($query, 'int');

[edited by: Psychopsia at 5:46 pm (utc) on Nov. 28, 2006]

jatar_k

5:44 pm on Nov 28, 2006 (gmt 0)

so you're changing input and the results are unpredictable

phparion

1:04 pm on Nov 29, 2006 (gmt 0)

I agree with jatar_k because if you are not certain you are getting a number in query then you are going to use its value in darkness and there is every possibility to get unexpected results. so it is better to check it if it is what you want and if it is not then dont push it to be an integer or whatsover otherwise you would get logical errors.