  1. #1
    New to the CF scene

    $http_get_var help (I think)

    Hi all,
    ok first off I'm a complete noob so if this is completely wrong just let me know.

    I have 3 tables, products, producttypes and aperturesize.
    I have a list with details from products which I want to filter by producttypes and aperturesize. Using a jumpmenu I am creating a url with index.php?producttype=1&aperturesize=1.
    I am trying to use the variables to filter using $http_get_vars['TypeID'] as an example with producttypes.TypeID = $http_get_vars['TypeID'].
    The url is passing but no filtering is taking place, it either just shows all records or error.
    Can anyone point out where I am going wrong, preferably in terms of dreamweaver as I have bought a php book, but don't have much free time.

    Thanks

    Matt
    Last edited by Mellowchimp; 01-08-2007 at 10:59 PM. Reason: Noticed the title says var but I am using vars

  • #2
    God Emperor Fou-Lu's Avatar
    $HTTP_*_VARS are deprecated, it's wiser to use superglobals instead.
    So, with $HTTP_GET_VARS, you now use $_GET. Nice and simple that way.
    Second, you should clean your variables first. You do this by a number of ways, you can typecast your variables into the correct data type (if you need an int value, use (int)$_GET['var'] for example). If it's string based, look into using a mysql_real_escape_string or your own similar method to prevent injections.
    Your query should be similar to so:

    $query = "SELECT `data_to_get`, `more_data_to_get`... FROM `table` WHERE producttypes.Typeid = '" . (int)$_GET['TypeID'] . "'";

    To further limit the value of your filter, use AND as your operator for your where clause. Keep in mind, that the data has to match some field value, or you will get an empty result set.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #3
    New to the CF scene
    Got it!!

    That works perfectly, thank you very much

  • #4
    New to the CF scene
    Actually one more question

    This now works fine for example index.php?TypeID=1&ApertureID=1 or index.php?TypeID=2&ApertureID=1 and so on.

    What I want to do is filter using multiple values from the same variable, eg,

    index.php?TypeID=1,2,3&ApertureID=1,2

    Is this just a case of formatting the url correctly or some other way?

    I am using mysql_real_escape_string and magic quotes to prevent injections, but admit to not really understanding how this affects it.

    Matt

  • #5
    Senior Coder whizard's Avatar
    Try this:
    PHP Code:
    $type_id = $_GET['TypeID'];
    $type_id = explode(",", $type_id);
    Then, as per your example,

    $type_id[0] would equal '1', $type_id[1] would equal '2', and so on.


    HTH,
    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION

  • #6
    New to the CF scene
    Sorry, you're going to have to be a bit simple with me here....

    I think I get what this does, but where do I add this to the code? The code is as follows

    PHP Code:
    $colname_rsprod = "-1";
    if (isset($_GET['ApertureID'])) {
      $colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);
    }
    $colname2_rsprod = "-1";
    if (isset($_GET['TypeID'])) {
      $colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);
    }
    mysql_select_db($database_mydatabase, $mydatabase);
    $query_rsprod = sprintf("SELECT ProductID, ProductName, Specifications, `Description`, SmallImage, sold.Sold, products.`Online`, aperture.ApertureID, products.ApertureID, products.TypeID, producttypes.TypeID FROM products, sold, aperture, producttypes WHERE products.`Online` = 1 AND products.SoldID = sold.SoldID AND products.ApertureID = aperture.ApertureID AND products.TypeID = producttypes.TypeID AND products.TypeID = %s AND products.ApertureID = %s ORDER BY products.ProductID", GetSQLValueString($colname2_rsprod, "int"), GetSQLValueString($colname_rsprod, "int"));
    $query_limit_rsprod = sprintf("%s LIMIT %d, %d", $query_rsprod, $startRow_rsprod, $maxRows_rsprod);
    $rsprod = mysql_query($query_limit_rsprod, $snb) or die(mysql_error());
    $row_rsprod = mysql_fetch_assoc($rsprod);
    TIA
    Matt

  • #7
    Senior Coder whizard's Avatar
    After
    $colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);

    you would do the explode(",",$colname_rsprod)

    and after
    $colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);

    you would do the explode(",",$colname2_rsprod);

    HTH
    Dan

  • #8
    New to the CF scene
    Ok, so I have entered these and have the 2 lines
    PHP Code:
      $colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']); explode(",",$colname_rsprod); 
    and

    PHP Code:
      $colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']); explode(",",$colname2_rsprod); 
    This does not error, but makes no difference to my filtering, it still filters by the first number for each variable. eg, index.php?TypeID=1,2,3&ApertureID=1,2 still only returns those records that have TypeID=1 and ApertureID=1.

    Sorry to be a pain and I promise to read that book when I get 5 mins to spare

    Matt

  • #9
    Senior Coder whizard's Avatar
    Sorry, I was a little unclear

    I meant more like this:

    PHP Code:
    $colname_rsprod = "-1";
    if (isset($_GET['ApertureID'])) {
      $colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);
      $colname_rsprod = explode(",", $colname_rsprod);
      //Now colname_rsprod should be array holding each value for ApertureID
    }
    $colname2_rsprod = "-1";
    if (isset($_GET['TypeID'])) {
      $colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);
      $colname2_rsprod = explode(",", $colname2_rsprod);
      //Now colname2_rsprod should be array holding each value for TypeID
    }
    mysql_select_db($database_mydatabase, $mydatabase);
    $query_rsprod = sprintf("SELECT ProductID, ProductName, Specifications, `Description`, SmallImage, sold.Sold, products.`Online`, aperture.ApertureID, products.ApertureID, products.TypeID, producttypes.TypeID FROM products, sold, aperture, producttypes WHERE products.`Online` = 1 AND products.SoldID = sold.SoldID AND products.ApertureID = aperture.ApertureID AND products.TypeID = producttypes.TypeID AND products.TypeID = %s AND products.ApertureID = %s ORDER BY products.ProductID", GetSQLValueString($colname2_rsprod, "int"), GetSQLValueString($colname_rsprod, "int"));
    $query_limit_rsprod = sprintf("%s LIMIT %d, %d", $query_rsprod, $startRow_rsprod, $maxRows_rsprod);
    $rsprod = mysql_query($query_limit_rsprod, $snb) or die(mysql_error());
    $row_rsprod = mysql_fetch_assoc($rsprod);
    Changes are around the comments

    HTH
    Dan

  • #10
    New to the CF scene
    Still no joy.........

    I have tried stripping out the magic quotes and strip slashes but with or without these are now returning no records.

    Any idea anyone?

    Matt

    Edit - Is this affected because I am trying to return values from the same var, ie, index.php?param1=1,2,3&param2=1,2,3 or index.php?param1=1&param1=2&param1=3&param2=1&param2=2&param2=3?
    Last edited by Mellowchimp; 01-10-2007 at 01:16 AM. Reason: see edit

  • #11
    New to the CF scene
    bump

  • #12
    Senior Coder CFMaBiSmAd's Avatar
    Passing the parameters as a list of values 1,2,3 does work. In your earlier post - index.php?TypeID=1,2,3&ApertureID=1,2 results in the following:

    GET data -
    Key: TypeID, Value: 1,2,3
    Key: ApertureID, Value: 1,2

    The problem is that you need to correctly form the query string and for troubleshooting purposes, echo the query string to make sure it contains the expected contents.

    To form a query that will match any of the values in a list (I am assuming that these IDs are integers, but this will work for strings) you need to use the IN (...) operator, something like this -

    SELECT ... WHERE ... your_column IN (1,2,3)
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
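
The IN (...) filter from the last reply, as an added example that is not part of the original thread: each comma-separated ID is validated as digits and bound through a placeholder instead of being concatenated, because quote-escaping does not protect an unquoted numeric list. It uses PDO rather than the thread's mysql_ functions; `parseIdList()`, `findProducts()` and the in-memory SQLite rows are constructed for illustration.

```php
<?php
// Added example, not from the thread. Column names follow the posts above;
// the helper functions and sample rows are constructed.

/** Turn "1,2,3" into distinct non-negative ints; fail closed on anything else. */
function parseIdList($raw, int $max = 50): array
{
    if (!is_string($raw) || $raw === '') {   // absent, or TypeID[]=1 style arrays
        return [];
    }
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        // ctype_digit() accepts only 0-9, so "1 OR 1=1", "-1" and "" are rejected
        if (!ctype_digit($part)) {
            throw new InvalidArgumentException('non-numeric ID in list');
        }
        $ids[(int)$part] = true;             // array keys de-duplicate
    }
    if (count($ids) > $max) {                // bound the size of the IN list
        throw new InvalidArgumentException('too many IDs');
    }
    return array_keys($ids);
}

/** One "?" per ID; values are bound, column names are fixed literals. */
function findProducts(PDO $db, array $typeIds, array $apertureIds): array
{
    $sql = 'SELECT ProductID, ProductName FROM products WHERE `Online` = 1';
    $params = [];
    foreach (['TypeID' => $typeIds, 'ApertureID' => $apertureIds] as $col => $ids) {
        if ($ids) {
            $sql .= " AND $col IN (" . implode(',', array_fill(0, count($ids), '?')) . ')';
            $params = array_merge($params, $ids);
        }
    }
    $stmt = $db->prepare($sql . ' ORDER BY ProductID');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');            // constructed stand-in for the MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (ProductID INTEGER, ProductName TEXT, TypeID INTEGER, ApertureID INTEGER, Online INTEGER)');
$db->exec("INSERT INTO products VALUES (1,'A',1,1,1),(2,'B',2,2,1),(3,'C',3,3,1),(4,'D',4,1,1)");

// Stand-in for $_GET on index.php?TypeID=1,2,3&ApertureID=1,2
$get = ['TypeID' => '1,2,3', 'ApertureID' => '1,2'];
$rows = findProducts($db, parseIdList($get['TypeID']), parseIdList($get['ApertureID']));
print_r(array_column($rows, 'ProductName'));
```

An absent or empty parameter yields an empty list and applies no filter on that column; a malformed list raises an exception, so the query never runs with it.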

