PHP - Tags in URL seperated by +

Dave!

Hi there,

What I'm trying to do is pass parameters to a script by appending them to the URL. The only way I know how to do this is using $_GET, which requires you do have different variables seperated by an ampersand.

But the values I'd like to pass are all for the same column in a table, so I'd like to not have to specify a variable name if possible.

At the moment what I'm doing looks like this:

?c_id8=y&c_id9=y&c_id2=y&c_id10=y

Which is obviously bullshít

I've seen URLs with parameters/tags/search terms seperated by plus signs, something like:

?search=8+9+2+10

Can I do this? And how would I then retrieve the values from the URL?

Thanks

The Gibmiester

Not sure about the plus signs. You could try putting the column ids into one url variable and separate them with a delimiter character. You could then split the variable into an array.

E.g.

    $ids = explode(":", $_GET['cols']);
    foreach ($ids as $id)
        echo $id."<br />";

and have the URL like so ...domain.com/filename.php?cols=w:x:y:z

Dave!

Nice one, I worked that much out eventually. At the moment I've got the parameters in the URL as:

?search=8+2+10+11

Then using the following to decode the terms:

$terms = urldecode($_GET['search']);
$pieces = explode(" ", $terms);
foreach($pieces as $piece) {
	$search .= $piece . ", ";
}
//the above leaves me with eg. the following:
//8, 2, 10, 11,

$query = "select * from channels where c_id in(". $search .")";
$result = mysql_query($query) or die("This didn't work..." . mysql_error());
while ($row = mysql_fetch_array($result)) {
	$table .= "<div>ID: ". $row['c_id'] ."<br />Name: ". $row['c_name'] ."</div>";

//the above doesn't work because I end up with a stray comma at the end
}

I'm sure there's a function that could be used to remove the comma at the end, but I'm sure there's a better way to go about this, given how prevalent it is to seperate search terms with a plus sign...

The Gibmiester

You could add a check in the for loop to see if it is the last element in the array or not, you don't to concat a comma if it is the last element.

        $terms = urldecode($_GET['search']);
        $pieces = explode(" ", $terms);
        for ($i = 0; $i < sizeof($pieces); $i++) {
            if($i == (count($pieces) -1))
                $search .= $pieces[$i];
            else
                $search .= $pieces[$i] . ", ";
        }

Seems a bit long though, there probably is a better way.

Dave!

Cheers boss,

Yeah that's a bit of a messy way of doing it, but it does work Not sure if I should be throwing in some security/sanitization functions too, probably.

If anyone else wants to chip in any suggestions, go for it! For the time being, we'll go with the above

Creamy Goodness

use implode() so you don't have to check the last element in the array

eg.

[php]
$pieces = explode(" ", $terms);
$search = implode(', ', $pieces);
[/php]

will make your code more efficient as it cuts out the foreach loop on the pieces. implode() will leave you with a string.

also TREAT ALL UN SANITIZED DATA AS HOSTILE DATA so if this is for production SANITIZE inputs or it if it's for college project sanitize anyways as it's good practice.

Dave!

Thanks! Implode works well

It's neither for college or production, just a personal project really. What functions would you recommend using in the above? And at what point?

Cheers

The Gibmiester

Will you always have 4 parameters? If so just hard code them and eliminate the for loop.

$terms = urldecode($_GET['search']);
$pieces = explode(" ", $terms);
$search = $pieces[0].", ".$pieces[1].", ".$pieces[2].", ".$pieces[3];

As for security you should probably wrap the code in an if statement checking that the search variable is not empty. And also use the mysql_real_escape_string() function on the $search variable to try to prevent database hacks. If you do use it you may also need to strip slashes depending on your data and the get_magic_quotes_gpc configuration.