I have a script that I wrote to look up an ID based on uniqueID
if ($_REQUEST['uniqueId'] != ""){
$qA = "SELECT id FROM customerdata WHERE uniqueId = \"". $_REQUEST['uniqueId']."\"";
$rA = mysql_query($qA);
list($id) = mysql_fetch_row($rA);
echo $id;
exit;
if ( mysql_num_rows ($rA) > 0) {
header('Location:response-en.php?id=$id');
}
else
{
header('Location:not-found.php');
}
}
Rather than sending the user to response-en.php?id=1 it sends them to response-en.php?id=$id
Any idea why this is happening? Any help would be greatly appreciated! Thank you!
Use:
header('Location:response-en.php?id='.$id);
When you use a single quote: '
This is a string literal. Everything (and I mean EVERYTHING) inside that string is taken wholesale. If you did this: $something = 'Location:response-en.php?id=$id';, the value of $something is: Location:response-en.php?id=$id In order to add a variable into the string, you use the concatenation operator .. Thus, the value of $something after $something = 'Location:response-en.php?id='.$id; would be Location:response-en.php?id=5 (assuming $id = 5)
See: http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single
When you use double quote: "
PHP will search inside your sting to find any variables. It will then replace the variable name with the value of the variable. If you did this: $something = "Location:response-en.php?id=$id";, the value of $something is: Location:response-en.php?id=5 - note the use of double quotes.
See: http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double
Also, I wanted to add that your script is vulnerable to SQL-injection attack. Always sanitize query-string values before using them in an SQL query. For more info on sanitizing values for sql, see the docs for mysql_real_escape_string.
Variables inside a single-quoted string are not parsed. Variables inside double quotes are. Check out:
http://www.php.net/manual/en/language.types.string.php
You need double quotes to process variables in a string. Not single quotes.
You have to use " in stead of '
header("Location:response-en.php?id=$id");
or:
header('Location:response-en.php?id='.$id);
Try enclosing your string with double quotes instead of single quotes for correct variable parsing:
"Location:response-en.php?id=$id"
or use complex syntax with curly braces surrounding your variables:
"Location:response-en.php?id={$id}"
See manual.
Related
I am not getting any results while passing the values intot the stores procuder I have the code below
<?php
$a="26456";
$result3=mysql_query('CALL getItemStock($a)');
$row = mysql_fetch_array($result3);
?>
Try this:
$result3=mysql_query('CALL getItemStock('.$a.')');
or
$result3=mysql_query("CALL getItemStock($a)");
UPDATE:
If the parameter defined as string then you need to enclose it with quotes as well. For example:
$a = 'I am String';
$result3=mysql_query("CALL getItemStock('$a')");
However, if the parameter defined as number, then no quotation required.
Why is this php function not working? It does work when not using $element.
With $element it always returns test.
function setVar($element)
{
if(isset($_POST['$element'])){
$varname = $_POST['$element'];
}
else {
$varname = 'test';
}
return $varname;
}
$var = setVar('element_6');
You probably mean:
... $_POST[$element] ...
without the quotes? Single-quoted content never gets replaced.
Change $_POST['$element'] in your code to $_POST[$element] and it should work fine.. $_POST['$element']) refers to nothing right now.
You'll need to change $_POST['$element'] to $_POST[$element]. Anything between single quotes is treated literally.
See: http://php.net/manual/en/language.types.string.php
You're referencing $_POST['$element']. Note that the single quotes around $element here turn it into a static string.
Solution: Remove the quote marks, and it will parse the $element properly.
How can i get this to work properly:
if ((empty($page_name))
&& ($currentid == '$storedid')) { // PHP If Statement with multiple Checks
require_once("1.php");
} else { // PHP Else
require_once("2.php");
}
Right now regardless its showing me 2.php....
$page_name is a value for a db table. $currentid is session_id and $storedid is the stored id in the db for the $page_name.
Remove the single quotes in ($currentid == '$storedid')
to
($currentid == $storedid)
Your solution compares $currentid with a static string. Because of the single quotes $storeid is interpreted as a string.
Remove the single quotes surrounding $storeId, or put it in double quotes.
Where you are using '$storedid', it should be double quoted or not quoted at all. PHP is interpreting this as the literal string $storedid instead of parsing it as a variable.
I've something weird into my code and I really don't get the behavior.
I always used array with string variables keys like this:
$string = "my key";
$array[$string] = "my value";
But in one case, it doesn't work. I'm forced to put $string into double quotes, otherwise my array remains empty.
I really don't understand why. Moreover, further in my code I use the same "$string" as an id to create an another array, and it works fine without double quotes.
Here is my code where double quotes are needed (array[]):
foreach($xml2->menu as $children) {
$id = $children['id'];
$this->array["$id"] = $children->label;//Problem here
}
And here, the code without double quotes ($resultArray[]):
for($i=0; $i < count($idArray); $i++){
$id = $idArray[$i];
$resultArray[$id] = $this->array[$id];//Problem here
}
Does someone have any idea about why this is happening?
Edit:
The content of $idArray[$i] and $children[$id] is some string like "about", "contact" etc.
And when I say "it doesn't work", I mean that the created array is null.
Does $children["id"] contain an object? Then type it to an int:
$id = (int) $children["id"];
Then you can use it again as $id.
I have a piece of code that looks like this:
$result = mysql_query($queryc) or die(mysql_error());
if(mysql_num_rows($result) > 0)
{
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo $row['$field'];
}
}
Say that code was in a function and I wanted to pass $field to the $row[''] how would I accomplish that?
In other words I'm attempting to use $row['$field']; and $field is defined elsewhere
suppose you have this function definition:
function foo($field) {
// from that code you have given
....
echo $row[$field]; // no need of the quotation marks around $field
....
}
You'd not put any quotes around $field... like this:
echo $row[$field];
Variables are not expanded in single quotes; they are only expanded in double quotes or in the heredoc syntax:
When a string is specified in double quotes or with heredoc, variables are parsed within it.
So either use double quotes or, even better, just omit them:
$row[$field]
Single quotes inhibit variable substitution.
echo $row["$field"];
or just
echo $row[$field];
The latter is highly recommended as it does not require PHP to parse $row["$field"] into $row[$field]. Saves you some microtime in each iteration.