in my php code i am passing an id for the php to get the info from the sql server.
it seems to work fine but whenever i have an '&' in the name, it doesn't work any more
$doc_info = array();
$id = "ID not set";
if(isset($_GET['document_id'])) {
$id = $_GET['document_id'];
$id = str_replace('___', '&', $id);
$doc_info = get_document_info($id);
$doc_info['dummy'] = " ";
}
example of an id that works "2017_test id"
http://localhost/php/single-entry.php?document_id=2017_test%20id
here I get the info right.
example of an id that doesn't work "2017_e&i EDV"
http://localhost/php/single-entry.php?document_id=2017_e&i%20EDV
here I get PHP WARNING: Undefined index. although the data is in DB.
I am passing the id to another function that get an array of the info stored in the DB with this ID .
in first example I get the data, but if the name has '&' i get Undefined index
You can use the following:
urlencode($document_id) - while sending the request to your php script
And as pointed on in comment section, $_GET["document_id"] would give
you already decoded value
And use the decoded value instead in your PHP script.
Related
I hate PHP, but I have to do this. I have spent the last 2 days searching for a simple way to write a SQL Select with a LIKE clause where the parameter is passed from the lname input text on the form. Now, it has to be SQL Server, NOT MYSQL
So here is what I've done so far.
function getActorDetailsLnameOnly($lname) {
// the SQL query to be executed on the database
$query = "select NameFirst, NameLast, Age, Gender from actor where NameLast like '%$lname%'";
return executeQuery($query);
}
on the index.php, I wrote the following:
if ((!empty($_REQUEST['lname'])) and ( empty($_REQUEST['age']) and ( empty($_REQUEST['gender'])))) {
$lname = (string) $_GET['lname'];
$sql = getActorDetailsLnameOnly($lname);
foreach ($sql as ...) {
extract(...);
...
The code returns a value, but it's nowhere near correct. It's like requesting A in the select statement and it's returning Z. I can't figure it out.
You check form input values through $_REQUEST['lname'] and then assign a variable $lname = (string) $_GET['lname'];. If form method is POST then $_REQUEST['lname'] would have the value and $_GET['lname'] would be empty. As the result like pattern would be '%%', which is effectively everything but NULL.
Basically, $_GET is for GET, $_POST is for POST and $_REQUEST is for any.
Try using $lname = (string) $_REQUEST['lname'];.
I am building a web application and there is a part there where I need to load records from a store given a set of ids. The way I went about this was to get all the ids, store them in an array, and then load the store with that array as an extra param.
Here is my code:
for(var i = 0 ; i < store.count() ; i++){
console.log("id person = " + store.getAt(i).get("ID_PERSON"));
idArray.push(store.getAt(i).get("ID_PERSON"));
}
console.log("id array = " + idArray);
store = Ext.getStore('borrowerListStore');
store.getProxy().extraParams={
idArray: idArray
};
store.load({
callback: function(records, operation, success) {
var total = operation.request.scope.reader.jsonData['total'];
var message = operation.request.scope.reader.jsonData['message'];
console.log("message = " + message);
}
});
First, I go though my initial store then get all the ids and store them in an Array. After that, I declare my store, I get the proxy, I set the params, and then I use the idArray I assembled as the array.
The console line shows me proper values for example 77, 24, 80 so I know that I passed 3 values.
Then in my PHP code linked in the read method of my store, I do this:
else if(isset($_GET['idArray'])){
$idArray = $_GET['idArray'];
$array = $idArray;
for($i = 0 ; $i < count($idArray) ; $i++){
array_push($array, $idArray[$i]);
}
$sql = "SELECT * FROM TABLE WHERE ID IN(".implode(',',$array).")";
$result = mysql_query($sql);
$res->message .= " Loaded data ";
$res->message .= " sql = " . $sql;
$res->message .= " idArray = " . $idArray;
$res->message .= " array = " . $array;
$total = mysql_fetch_array($totalquery);
}
So that when the store loads and I enter the callback function, I can see the messages that got returned.
However, when I console out the messages, it seems to me that only the last array element is the only thing that my PHP received because the log would look like:
message = Message start Loaded data sql = SELECT * FROM TABLE WHERE ID IN() idArray = 80 array = 80
What's happening here? Why can't I seem to pass an array as extra param?
First of all, I am not sure whether you really want to transmit arrays as GET parameters. If the arrays become bigger, you run into max URL length issues. I would definitely recommend to use POST and transmit JSON to the server.
ExtJS 4.2.2 sends the array to the server correctly, I have checked in a fiddle that this cannot be the issue.
But I am not sure whether PHP understands the format in which it is sent. It seems as if when I call test.php?x=1&x=2, $_GET['x'] is not an array [1,2], but only a number 2. I am not sure why, though, I have not looked into PHP code. As a quick hack you could use
store.getProxy().extraParams={
idArray: idArray.join(',')
};
on the client side to transmit the ids as a string instead of array, and decode that string back into ids with
$array = array_map("intval",explode(",",$_GET['idArray']));
on the server side. (If you don't use intval and use the string without any check in the SQL query, you are prone to SQL injection attacks.)
hey try to change this line
array_push($array, $idArray[$i]);
to
$array[] = $idArray[$i];
I am getting my URL from my site and trying to save a certain field to a variable
$link = "$_SERVER[REQUEST_URI]";
// example of $link = "/index.php?option=com_course&id=1&Itemid=104"
if(strpos($actual_link,'id=') !== false){
$id = // the number after id= in the string
}
basically im checking if id= exists within the string and if it does to save the number of the id to $id.
so the outcome of the example of $link listed above would be for $id = 1
If the URL from the site is passing variables you can just use GET?
$id = $_GET["id"];
First of all, you want the first line to be $link = $_SERVER['REQUEST_URI'];.
But for requesting data like that, from an request to your own server, there's a reserved global variable: $_GET (http://php.net/manual/en/reserved.variables.get.php)
It'd work like this: $id = $_GET['id'];
is it possible to use GET or something like this to load a record into a form ?.
E.g I have for formA where it has a foreach list of all the clients in the DB , at the end of each row I have a link which is called 'edit' , this link goes to formB.php and is set out like this >>
sitename.com/FormB.php?token=<?php echo $ID ?>
This gives you an url that looks like the following :
http://www.sitename.com/formB.php?token=25
The link above would for example load the record with ID 25 into the second form.
I am not sure how to handle the link in the second form though, can you echo GET ID in the second form, or would it have to be GET token ?.
In PHP, there's the predefined $_GET variable. This is basically an array holding all GET paremeters:
// url = index.php?foo=bar&hello=world
echo $_GET['foo']; // bar
echo $_GET['hello']; // world
So, considering your url and query:
$query = 'SELECT * FROM `table` WHERE `token`=' . $_GET['token'];
To avoid security exploits, we need to use the function mysql_real_escape_string around the user-defined parameter when using strings. When using other types such as numbers you can just parse it to a number.
// if token is a number
$query = 'SELECT * FROM `table` WHERE `token`=' . intval($_GET['token']);
// if token is a string
$query = 'SELECT * FROM `table` WHERE `token`=' . mysql_real_escape_string($_GET['token']);
You can access your GET-Parameter with the $_GET-array. To see whats in there you can use:
print_r($_GET);
In the second case you would have to use $_GET['token'] as the parameter is named token.
Note: If you are passing the parameter into a SQL-Query make sure it is secured. In this case with intval(). SQL-Injections are bad.
Can't figure this out for the life of me. Trying to return the column names from the clients securities table, then return the result as an array. Can anybody point out where I'm getting off track?
mysql_select_db("HandlerProject", $con); //Selects database
$selectcols = "SELECT * FROM ".$clientname."securitiestable"; //selects all columns from clients security table
$tempcols = mysql_query($selectcols) or die(mysql_error());
$returnedcols = $mysql_fetch_array($tempcols);
$tempsymbol = mysql_query("SHOW COLUMNS FROM".$clientname."securitiestable");
$symbol = $mysql_fetch_array($tempsymbol);
Suggestions:
You've got $ signs prefixing the mysql_fetch_array() calls so you'd need to have assigned a value (function name you want to call) to $mysql_fetch_array (this is probably why you're seeing the error you mention in your comment).
Also you have a missing space after FROM in the second query
// v
$tempsymbol = mysql_query("SHOW COLUMNS FROM ".$clientname."securitiestable");
Last thing to check - is $clientname set?
Having said that - take Bill Karwin's advice!
I would use mysql_fetch_assoc() for the SELECT query, and then call array_keys() on any row of the result.
$selectcols = "SELECT * FROM ".$clientname."securitiestable";
$tempcols = mysql_query($selectcols) or die(mysql_error());
$returnedcols = mysql_fetch_assoc($tempcols);
$colnames = array_keys($returnedcols);
Your fatal error is because of a separate issue: you have a $ symbol at the start of your function call. This is legal PHP syntax, because you can put the name of a function in a variable and call it indirectly:
function foo($arg)
{
echo $arg . "!\n";
}
$bar = "foo";
$bar("hello world");
But in your case, it's probably not what you intended. If you want to call a function by its literal name, don't put a $ in front of it. If you have a string variable that contains the name of a function, then you can use the variable as I show above.