PHP Get Function with Characters rather than numbers

Hi,

I have am using characters in the URL rather than numbers. So the PHP Get Function needs to be edited to include extra " and '. This code is now working fine:

 $prod_info = mysql_fetch_array(mysql_query("SELECT * FROM products WHERE productid = '".$_GET['product']."'"

But, if I apply the same " and ’ to the get functions below Dreamweaver says there is a syntax error. I am guessing the Get Function needs editing in a different way when not in a Select Query. It this true? How should the below Get Functions be edited now that it is characters that the Get Function gets?

switch($_GET["action"])
{
case "add_item":
{
AddItem($_GET['product'], $_GET["quantity"]);
ShowCart();
break;
}
case "update_item":
{
UpdateItem($_GET["product"], $_GET["quantity"]);
ShowCart();
break;
}
}

$_GET is not a function, it’s an array. What exactly is the syntax error that dreamweaver is reporting?

In any case, I looked at your code, and it has too many curly braces :slight_smile:

Try this instead:


switch($_GET["action"]) {
    case "add_item": 
        AddItem($_GET['product'], $_GET["quantity"]);
        ShowCart();
    break;
    case "update_item":
        UpdateItem($_GET["product"], $_GET["quantity"]);
        ShowCart();
    break;
}

Notice how I removed the braces for each ‘case’?

Yes - I realise what you did and i have deleted them in my code - thanks.

My problem is with getting characters in with the Get Array Code. You may not know but $_GET[‘product’] only works with numbers. So if I am ‘getting’ productid 123 then it works fine. but if I want to get a set of characters, say productid apple-iphone then I need to add extra ’ and “. I am using this technique/extra code for the select queries as shown in my first post. I am using '”.$_GET[‘product’]."’

If I make the replacement with my Switch coding from $_GET[‘product’] to ‘“.$_GET[‘product’].”’ there a syntax error. Basically it is saying it does not make sense to add the extra ’ and " in this coding. Like I say the extra ’ and " works fine within the Select Query. What do I need to do with the Switch Case coding to allow characters to be used?!?

I am using something like www.site.com/product?product=name
The word ‘name’ uses characters and if you use just the basic $_get[“product”] you get
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/content/…/html/cart.php on line 43 PHP ERROR CODE

Hope you know why,

Matt.

A $_GET parameter can contain a string.

I think you have some other error in your query.

Try this:


$rs = mysql_query("SELECT * FROM products WHERE productid = '".$_GET['product']."'") or die("An error occurred: " . mysql_error());
$prod_info = mysql_fetch_array($rs);

This will show your SQL error.

I think you misunderstand me. The code in my Select Query is working fine with NO ERRORS.

But if I apply the same idea/same coding to the Switch Case coding below it DOES NOT WORK. Is there a different coding technique for the code below when using Characters!?!?

switch($_GET["action"]) {
    case "add_item": 
        AddItem($_GET['product'], $_GET["quantity"]);
        ShowCart();
    break;
    case "update_item":
        UpdateItem($_GET["product"], $_GET["quantity"]);
        ShowCart();
    break;
}  

This error:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource

shows that there is something wrong with the query (or it is returning false). That’s why you need to debug your code to see what the query is returning.

If this works

$prod_info = mysql_fetch_array(mysql_query("SELECT * FROM products WHERE productid = '".$_GET['product']."'"

why does this not work

switch($_GET["action"]) {
    case "add_item": 
        AddItem('".$_GET['product']."', $_GET["quantity"]);
        ShowCart();
    break;
    case "update_item":
        UpdateItem('".$_GET['product']."', $_GET["quantity"]);
        ShowCart();
    break;
}  
'".$_GET['product']."'

???

Same code editing with the Get coding - but does not work in the latter

???

Matt.

Without seeing the complete code, first do a print_r on your $_GET. If that looks correct.

Do a print_r in your while loop of the $results.

This way you can tell exactly where things are failing.

You also need to sanitise the data coming in otherwise you’ll be vulnerable to SQL injection attacks.