Hi ,
Hoping someone can help . Im trying to pass a parameter from one page to another in order to open a record on the second page based on the first page .
Generally quite straight forward , but in this case the parameter im passing is a full name with a space .
The code in the "sending" document is
<p>Sender : <a href="contact.php?con=<?php echo $row_rsetcon['sender'] ?>"><?php echo $row_rsetcon['sender']; ?></a></p>
This passes the parameter correctly to the contact.php file and it appears in the address bar like so ....
http://127.0.0.1/kb1/contact.php?con=John Smith
The receiving code in the file contact.php is ..
$con=($_GET['con']);
However the result on the web page is
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Smith' at line 1
If I manually put double quotes around the name , then it works as expected. http://127.0.0.1/kb1/contact.php?con="John Smith"
Can I pass the parameter in Double Quotes or is there a better way to do this ? Ive tried urlencode and rawurlencode , no joy , but maybe im not using them correctly.
I do realise that there are issues with the code in reltion to potential for SQL injection etc... , but its an enclosed internal system.
Thanks for any help.
I don't know how this works in the receiving end (PHP) but spaces in URLs should be escaped with %20, i.e. URL encoded.
See http://www.blooberry.com/indexdot/html/topics/urlencoding.htm .
See also http://php.net/manual/en/function.urlencode.php .
Or search for "php pass parameters with spaces to another page"
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)