The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> HTML Passing paramters
phpnoob
post Mar 10 2016, 09:09 AM
Post #1





Group: Members
Posts: 1
Joined: 10-March 16
Member No.: 24,058



Hi ,

Hoping someone can help . Im trying to pass a parameter from one page to another in order to open a record on the second page based on the first page .
Generally quite straight forward , but in this case the parameter im passing is a full name with a space .
The code in the "sending" document is

<p>Sender : <a href="contact.php?con=<?php echo $row_rsetcon['sender'] ?>"><?php echo $row_rsetcon['sender']; ?></a></p>

This passes the parameter correctly to the contact.php file and it appears in the address bar like so ....

http://127.0.0.1/kb1/contact.php?con=John Smith

The receiving code in the file contact.php is ..

$con=($_GET['con']);

However the result on the web page is

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Smith' at line 1

If I manually put double quotes around the name , then it works as expected. http://127.0.0.1/kb1/contact.php?con="John Smith"

Can I pass the parameter in Double Quotes or is there a better way to do this ? Ive tried urlencode and rawurlencode , no joy , but maybe im not using them correctly.
I do realise that there are issues with the code in reltion to potential for SQL injection etc... , but its an enclosed internal system.

Thanks for any help.



User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Mar 10 2016, 09:41 AM
Post #2


Don't like donuts. Don't do MySpace.
********

Group: WDG Moderators
Posts: 17,927
Joined: 9-August 06
Member No.: 6



I don't know how this works in the receiving end (PHP) but spaces in URLs should be escaped with %20, i.e. URL encoded.

See http://www.blooberry.com/indexdot/html/top...urlencoding.htm .
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Frederiek
post Mar 10 2016, 11:18 AM
Post #3


Programming Fanatic
********

Group: Members
Posts: 5,146
Joined: 23-August 06
From: Europe
Member No.: 9



See also http://php.net/manual/en/function.urlencode.php .
Or search for "php pass parameters with spaces to another page"
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Mar 10 2016, 03:05 PM
Post #4


.
********

Group: WDG Moderators
Posts: 7,837
Joined: 10-August 06
Member No.: 7



QUOTE(phpnoob @ Mar 10 2016, 03:09 PM) *

I do realise that there are issues with the code in reltion to potential for SQL injection etc... , but its an enclosed internal system.

People could still enter dangerous characters by mistake...

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 20th June 2018 - 04:23 PM