Hoping someone can help . Im trying to pass a parameter from one page to another in order to open a record on the second page based on the first page .
Generally quite straight forward , but in this case the parameter im passing is a full name with a space .
The code in the "sending" document is
<p>Sender : <a href="contact.php?con=<?php echo $row_rsetcon['sender'] ?>"><?php echo $row_rsetcon['sender']; ?></a></p>
This passes the parameter correctly to the contact.php file and it appears in the address bar like so ....
The receiving code in the file contact.php is ..
However the result on the web page is
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Smith' at line 1
If I manually put double quotes around the name , then it works as expected. http://127.0.0.1/kb1/contact.php?con="John Smith"
Can I pass the parameter in Double Quotes or is there a better way to do this ? Ive tried urlencode and rawurlencode , no joy , but maybe im not using them correctly.
I do realise that there are issues with the code in reltion to potential for SQL injection etc... , but its an enclosed internal system.
Thanks for any help.
I don't know how this works in the receiving end (PHP) but spaces in URLs should be escaped with %20, i.e. URL encoded.
See http://www.blooberry.com/indexdot/html/topics/urlencoding.htm .
See also http://php.net/manual/en/function.urlencode.php .
Or search for "php pass parameters with spaces to another page"
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)