Hi all,
<a href='catalog.php?cat=peop&sortkey=title'>Click here</a>
When I use this link I expect $cat and $sortkey to be available in the target programme but they ain’t. I’ve also tried method=post, no luck. The HTTP_VARS (POST & GET) are empty.
I’m obviously missing something, who can tell me what?
Thanks.
Mike
Try this:
echo $_GET['catalog'];
echo "<br>";
echo $_GET['sortkey'];
echo "<br>";
$catalog = $_GET['catalog'];
$sortkey = $_GET['sortkey'];
$query = "SELECT * FROM books
WHERE catalog='" . mysql_real_escape_string($catalog) . "'
ORDER BY " . mysql_real_escape_string($sortkey) ;
You should also check for situations where $_GET[‘sortkey’] and $_GET[‘catalog’] are not provided.
Hi,
Thanks. I inserted the query exactly as shown but get this message: (The first 2 words are the contents of the 2 parameters)
art
Author
mysql error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’ at line 3 in query SELECT * FROM books WHERE catalog= ‘’ ORDER BY
The code, the error is somewhere in the ORDER BY line?
echo $_GET['catalog'];
echo "<br>";
echo $_GET['sortkey'];
echo "<br>";
$query = "SELECT * FROM books
WHERE catalog='" . mysql_real_escape_string($catalog) . "'
ORDER BY " . mysql_real_escape_string($sortkey) ;
Thanks again.
you should be able to access cat and sortkey as indexes in the super global $_GET array in catalog.php
echo $_GET[‘cat’]; // peop
echo $_GET[‘sortkey’]; // title
You should read this http://www.php.net/manual/en/reserved.variables.get.php
Variables that you put in strings surrounded by single quotes (') are not expanded. Only in double quotes (") does that happen.
Try this:
$query = "SELECT * FROM books WHERE catalog='" . mysql_real_escape_string($catalog) . "' ORDER BY " . mysql_real_escape_string($sortkey2) ;
You probably want to check $sortkey2 against a (white) list of allowed sorting fields before throwing it in the query first though.
Thanks and I’ve now got the info but …
when I try to use the parameters in a query(see below) I get the following error message:
art
Author
mysql error Unknown column ‘$catalog’ in ‘where clause’ in query SELECT * FROM books WHERE catalog=$catalog ORDER BY $sortkey2
art and Author are the contents I need and are the values of $catalog and $sortkey2 resp.
What am I missing?
$catalog = $_GET['cat'];
$sortkey2 = $_GET['sortkey'];
echo $catalog;
echo '<br>';
echo $sortkey2;
echo '<br>';
$query = 'SELECT * FROM books
WHERE catalog=$catalog
ORDER BY $sortkey2';
$result = mysql_query($query)
or die('mysql error ' . mysql_error() . ' in query ' . $query);