PHP help - variables in GET querystring

grahamor · 06-03-2007 12:33am #1

Hi,

Im updating a small property site thats done in php. On the property search page there is a checkbox for every country where there is property. The form is submitted using GET and the query comes out like

searchProperty.php?13=on&6=on&14=on&7=on

Where the numbers are countryID's and the ones in the querystring are the ones checked in the form.

I need to get the values from the querystring, store them in a string so i can use them in a SQL command like : SELECT properties WHERE propertyID IN($string).

Can someone suggest a good way to do this or an alternative ! php isnt really my thing.

Thanks

sicruise · 06-03-2007 2:05am

I don't program in php but i'm pretty sure you use

$_GET(PARAM)

Correct me if i'm wrong...

louie · 06-03-2007 9:32am

using php you'll do:
[php]
$name = "";//set variable
if (isset($_GET)){
$name = $_GET; // where name is your variable
}
[/php]

seamus · 06-03-2007 10:11am

As others say, you access any GET variables using the global $_GET

This is an array which contains every GET variable passed to the script. The name of the variable is the array key, and the value is the value.

So if you have, say 14 checkboxes numbered 1 to 14, then you can access the value of 1, by using $_GET.

The big problem with checkboxes is that the variable only gets passed to the script if the checkbox is checked. If it's not checked, the variable doesn't get passed to the script. So if you have the above 14 checkboxes, and someone only has selected 1, then the only variable available to you is $_GET. None of the other variables, e.g. $_GET are defined.

Quick tip for much neater and more manageable code, is to load such items into an array *before* they get passed to the script.

If you write
[html]<input type="checkbox" name="countries[]" value="1">
<input type="checkbox" name="countries[]" value="2">
<input type="checkbox" name="countries[]" value="3">
<input type="checkbox" name="countries[]" value="4">
<input type="checkbox" name="countries[]" value="5">[/html]
When any of these are selected, this will create an array called $countries, which can be access via $_GET

Then you just need to do a foreach() to loop through the array an extract the values, instead of having to check if each of the 14/15/5million checkboxes have been checked.

Ziycon · 06-03-2007 12:55pm

If i was you i would try using mod_rewrite or think about passing the var's from pages using sessions, that way it will hide the data and stop people just clicking on the browser address bar and entering crazy characters or numbers that dont exist!

rsynnott · 06-03-2007 2:12pm

Ziycon wrote:

If i was you i would try using mod_rewrite or think about passing the var's from pages using sessions, that way it will hide the data and stop people just clicking on the browser address bar and entering crazy characters or numbers that dont exist!

Of course, if you did it with sessions, then the application would behave madly if the user had more than one window open, or if they used the back button. Bebo finally copped onto this recently, after being virtually unusable for some years. (You could use sessions within sessions, with a session-within-session identifier passed in the GET string, but that seems over-complicated). A more sensible approach would just be to do proper escaping if you're using a database, and sanitise any other input appropriately.

grahamor · 06-03-2007 5:53pm

im gonna try Seamus' method with the array, i think ill also change the form method to POST.

Thanks for the replys

rsynnott · 06-03-2007 6:01pm

grahamor wrote:

im gonna try Seamus' method with the array, i think ill also change the form method to POST.

Thanks for the replys

Don't change the form method to POST unless you have good reason to do so; it will make it impossible to bookmark a result, and so on.

Ziycon · 06-03-2007 10:29pm

rsynnott wrote:

Of course, if you did it with sessions, then the application would behave madly if the user had more than one window open, or if they used the back button. Bebo finally copped onto this recently, after being virtually unusable for some years. (You could use sessions within sessions, with a session-within-session identifier passed in the GET string, but that seems over-complicated). A more sensible approach would just be to do proper escaping if you're using a database, and sanitise any other input appropriately.

I get you, i just use error checking on the query string! check and see if its a char or num and if it exists on not!

democrates · 06-03-2007 11:30pm

Ziycon wrote:

I get you, i just use error checking on the query string! check and see if its a char or num and if it exists on not!

User submitted input is always of type string, even if the string contents can be cast to numeric, here's a handy article http://devzone.zend.com/node/view/id/1113
which shows examples of an 'old' way of dealing with input and a new way using the filter functionality introduced in php 5.1 (which may not be on your server).
Worth a read, very reuseable knowledge.

PHP help - variables in GET querystring

Comments