<a href="compare_goods.php?Goods_Name=Nameofgoods">NameofGoods</a>
if (isset($_GET['Goods_name']) && $_GET['Goods_name'] !="")
{
$sql_goods_inc = "prod.product_name = '".$Goods_Name."' AND ";
}
ELSE
{
$sql_goods_inc = "";
echo "<p>No Goods received tho param was sent</p>";
}
I have trawled the web for 1/2 a day looking for explanations, but now accept I need a lesson...
... can you help?
Bests,
MacWebtangle
Better - now I have coded:
$_GET['Goods_Name'];
echo "<p>Goods=".$Goods_Name."</p>";
Followed by an assignment and check if assignment has failed:
if (isset($_GET['Goods_Name']) && $_GET['Goods_Name'] !="")
{
$sql_Goods_inc = "prod.product_name = '".$Goods_Name."' AND ";
echo $sql_handie_inc;
}
ELSE
{
$sql_Goods_inc = "";
echo "<p>No Goods tho 1 is sent</p>";
}
Handie=prod.product_name = '' AND
So I guess $Goods_Name is set, but it isn't right...
I have altered the code slightly from what I read first off:-
if (isset($_GET['Goods_Name']) && ($_GET['Goods_Name']) !="")
{
$sql_Goods_inc = "prod.product_name = '".strip_tags($_GET['Goods_Name'])."' AND ";
echo $sql_Goods_inc;
}
ELSE
{
$sql_Goods_inc = "";
echo "<p>No Goods tho 1 is sent</p>";
}
I have placed the $_GET directly into the SQL. I assume at this point that this goes on to form a part of the rest of the query, because it seems a little short otherwise; then again, I don't know how you have coded the rest of the script ;-)
Around the $_GET I have placed the strip_tags() function. This makes sure that any malicious HTML code in the data gets stripped away before it can be used. There are other ways and functions, but for this I think you will be OK.
On the isset($_GET['Goods_Name']) && ($_GET['Goods_Name']) != "") I have placed the second $_GET in parentheses as this keeps the code tidy and makes it easier to read, and you can see what you are evaluating.
For debugging, place an exit; after the echo $sql_handle_inc; to echo JUST the query to the page. This helps you get a clearer picture of what is being processed at that point in the code. Make sure you comment/delete it before you release, though!
Hope this is some help for you,
Good Luck,
MRb
THANKS!
Tried that and got the variable back!
Frankly, without help I am not sure whether I would have turned up strip_tags() in any other fashion than a roll of the dice - thanks again!
Also I was surprised that I could pass blanks and get them tossed into the SQL trouble free - thought I was going to have another question to ask you...
Thanks, always good to help people out, I must admit, I too have learnt a great deal from the good people of webmaster world.
You can pass blanks, it just means that if you are updating a mysql field you will erase the data that exists there already, if you use or die(mysql_error()); this will detail any errors that are at query level:-
$some_query = "SELECT * FROM `table` WHERE `username` = '".strip_tags(trim($_POST['username']))."' LIMIT 1";
$query_sent = mysql_query($some_query, $conn_data) or die(mysql_error());
but other than that you just have to code in checks at post level to say:-
if(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['home_town'])){
echo "OOps forgotten to fill the fields in";
exit;
}
//examples.. being specific you can just say empty($_POST), this does the whole array in one, but if you are doing error checking you can be as specific as you want to be.
$_POST and any other 'super globals' are arrays. You can check to see if they are set (isset()) or empty (empty()) and then proceed from there with error checking or redirecting; it's just up to you and your own personal coding style.
Anyway, glad to be of help.
MRb
if (isset($_GET['Goods_Name']) && $_GET['Goods_Name'] !="")
{
$sql_Goods_inc = "prod.product_name = '".$Goods_Name."' AND ";
echo $sql_handie_inc;
}
Just a comment on your original code: the variable $Goods_Name would only be set if register_globals was set on the server. Which it probably isn't (these days), as it can pose a security risk if it is. You might still see old scripts that use GET or POST vars in this way, but you should always use the $_GET[] (or $_POST[]) array as Matthew1980 has done.
On the isset($_GET['Goods_Name']) && ($_GET['Goods_Name']) != "") I have placed the second $_GET in parentheses as this keeps the code tidy and makes it easier to read, and you can see what you are evaluating.
I think you probably mean:
if (isset($_GET['Goods_Name']) && ($_GET['Goods_Name'] != ""))
But this could also be reduced to:
if (!empty($_GET['Goods_Name']))
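
Added example, not written by any poster in this thread: the strip_tags() concatenation used above, run next to a bound parameter on a product name that contains an apostrophe. The products table and its rows, the in-memory SQLite connection (needs the pdo_sqlite extension) and the function names findByConcat/findByParam are assumptions made for the demo.

```php
<?php
// Added example. Alias "prod" and column "product_name" follow the thread;
// the table, sample rows and helper names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (product_name TEXT, price REAL)");
$pdo->exec("INSERT INTO products VALUES ('Garden Hose', 12.50)");
$pdo->exec("INSERT INTO products VALUES ('Driver''s Gloves', 8.00)");

// Pattern from the thread: strip_tags() output concatenated into the SQL text.
function findByConcat(PDO $pdo, string $name): array
{
    $sql = "SELECT product_name, price FROM products prod WHERE "
         . "prod.product_name = '" . strip_tags($name) . "'";
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // strip_tags() removes HTML tags only. The apostrophe passed through
        // and closed the string literal early, so the statement the database
        // parsed is not the one the script meant to send.
        return ['error' => $e->getMessage(), 'sql' => $sql];
    }
}

// Hardened form: the value is bound as a parameter and never becomes SQL text.
function findByParam(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare(
        "SELECT product_name, price FROM products prod "
        . "WHERE prod.product_name = :name"
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET['Goods_Name'].
foreach (["Garden Hose", "Driver's Gloves", "<b>Garden Hose</b>"] as $goodsName) {
    echo "Input: $goodsName\n";
    echo "  concat: " . json_encode(findByConcat($pdo, $goodsName)) . "\n";
    echo "  param:  " . json_encode(findByParam($pdo, $goodsName)) . "\n";
}
```

The third input shows the other half of the difference: strip_tags() changes the value before it is compared, while the bound parameter is matched exactly as received, so HTML handling is left to the point where the value is echoed back into a page.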