在php中使用get变量获取链接的值

Question

I have a link in a php file which takes mke to another page. Here is the link:

 <?php  echo ' <a href="product_detail.php?marca='.$row["maname"].'">'?>

So I know that I can take the marca from this link using $_GET["marca"] in php. Now I want to output some categories but only them which marca is the same as $_GET["marca"]. I create this sql query but it outputs an error in the last row:

 $sql0="SELECT marche.marca as maname FROM marche WHERE maname=$_GET["marca"]; ";

Have I done something wrong? Can someone tell me which is the right syntax to include get variable inside sql queries?Thanks!

Answer 1

Your query seems to be okay except at one place.

$sql0="SELECT marche.marca as maname FROM marche WHERE maname=".$_GET["marca"]; 

But you should not depend on input ,you need to first sanitize it. eg,

$input = mysql_real_escape_string(trim($_GET["marca"]));

$sql0="SELECT marche.marca as maname FROM marche WHERE maname='$input'";

Answer 2

Since you try de put php in your request, you need to close the SQL request, do your action in php, then open again your SQL request, like that :

$sql0="SELECT marche.marca as maname 
FROM marche 
WHERE maname=" . $_GET["marca"] .";";