stackoom
  简体   繁体   中英

PHP GET request using varchar datatype as input

 原文  2018-02-05 12:08:07       php/ mysql/ get

Question

Sorry if the wording in the title is not correct (new to PHP). I'm trying to return results from a mysql db using below php scripts.

php script 

<?php

require "conn.php";

$adopt_id = $_GET["adopt_id"];

  $query = "
select *
from temp_table
where adopt_id = $adopt_id
";

....
?>

Now if I run the above in my browser as url below, it returns as expected http://localhost/searchfeed.php?adopt_id=1

Dump of above query: 

select *
from temp_table
where adopt_id = 1

Same php script but filtering on a diff field which is of varchar data type.

php script 

    <?php

    require "conn.php";

    $GENDER = $_GET["gender"];

      $query = "
    select *
    from temp_table
    where gender = $GENDER
    ";

    ....
    ?>

Now if I run the above in my browser as url below, it returns null because its not getting any results = http://localhost/searchfeed.php?gender=M

I dumped the above query to a log file, seems like it doesn't do anything with the $GENDER. This is what the query looks like 

select *
from temp_table
where gender =

3 answers

solution1
 1  2018-02-05 12:13:26

This is because you need to put non-numeric values within single quotes. 

select *
from temp_table
where gender = '$GENDER'

Please also have a look at Prevent SQL Injections

solution2
 0  2018-02-05 12:33:55

The correct should be this way. 

<?php

require "conn.php";

$GENDER = $_GET["gender"];

  $query = "
select *
from temp_table
where gender = '".$GENDER."'";

....
?>

This way our query will work even ig the $GENDER value is a string. In the previous answeres the mysql will return an error.

solution3
 -1 ACCPTED  2018-02-05 12:20:48

I don't see any problem with your PHP code in your second statement, but as suggested by others, your MySQL query consists of incorrect statement.

Please, update your MySQL statement to look either like: 

select *
from temp_table
where gender = '$GENDER'

or 

select *
from temp_table
where gender like '$GENDER'

Also consider using any MySQL library, as such usually consists of various security patches (as noted in the previous answer - the SQL injections)

or at least use mysqli_real_escape_string() function

Edit: Problem solved most probably by incorrect variable name spelling. GET variables are all stored in $_GET array.

your value of gender can be accessed by this statement: $gender = $_GET['gender'];

note: for others - be careful to spell variable like $_GET not $GET

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Get datatype of input variable in the command line Php Converting a varchar datatype to date in php mysql How to get last record by date but a datatype varchar mysql how to get the type of data in a varchar field using query. as it can hold any datatype as string send dynamically created input values to PHP using get request using datatype in php is possible? Get results order by date in MySQL if date field's datatype is varchar php://input contains data for a GET request Is there a way to get datatype long php? find and replace in an VARCHAR using php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM