View Full Version : $http_get_var help (I think)



Mellowchimp
01-08-2007, 09:58 PM
Hi all,
ok first off I'm a complete noob so if this is completely wrong just let me know.

I have 3 tables, products, producttypes and aperturesize.
I have a list with details from products which I want to filter by producttypes and aperturesize. Using a jumpmenu I am creating a url with index.php?producttype=1&aperturesize=1.
I am trying to use the variables to filter using $http_get_vars['TypeID'] as an example with producttypes.TypeID = $http_get_vars['TypeID'].
The url is passing but no filtering is taking place, it either just shows all records or error.
Can anyone point out where I am going wrong, preferably in terms of dreamweaver as I have bought a php book, but don't have much free time.

Thanks

Matt

Fou-Lu
01-09-2007, 03:33 AM
$HTTP_*_VARS are deprecated, it's wiser to use superglobals instead.
So, with $HTTP_GET_VARS, you now use $_GET. Nice and simple that way.
Second, you should clean your variables first. You can do this in a number of ways: you can typecast your variables into the correct data type (if you need an int value, use (int)$_GET['var'] for example). If it's string based, look into using mysql_real_escape_string or your own similar method to prevent injections.
Your query should be similar to so:

// Cast to int, as described above, so only a number can reach the query
$query = "SELECT `data_to_get`, `more_data_to_get`... FROM `table` WHERE producttypes.Typeid = '" . (int)$_GET['TypeID'] . "'";

To further limit the value of your filter, use AND as your operator for your where clause. Keep in mind, that the data has to match some field value, or you will get an empty result set.

Mellowchimp
01-09-2007, 10:46 AM
Got it!!

That works perfectly, thank you very much:thumbsup:

Mellowchimp
01-09-2007, 12:53 PM
Actually one more question :p

This now works fine for example index.php?TypeID=1&ApertureID=1 or index.php?TypeID=2&ApertureID=1 and so on.

What I want to do is filter using multiple values from the same variable, eg,

index.php?TypeID=1,2,3&ApertureID=1,2

Is this just a case of formatting the url correctly or some other way?

I am using mysql_real_escape_string and magic quotes to prevent injections, but admit to not really understanding how this affects it.

Matt

whizard
01-09-2007, 04:31 PM
Try this:


$type_id = $_GET['TypeID'];
$type_id = explode(",",$type_id);


Then, as per your example,

$type_id[0] would equal '1', $type_id[1] would equal '2', and so on.


HTH,
Dan

Mellowchimp
01-09-2007, 05:13 PM
Sorry, you're going to have to be a bit simple with me here....

I think I get what this does, but where do I add this to the code? The code is as follows


$colname_rsprod = "-1";
if (isset($_GET['ApertureID'])) {
$colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);
}
$colname2_rsprod = "-1";
if (isset($_GET['TypeID'])) {
$colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);
}
mysql_select_db($database_mydatabase, $mydatabase);
$query_rsprod = sprintf("SELECT ProductID, ProductName, Specifications, `Description`, SmallImage, sold.Sold, products.`Online`, aperture.ApertureID, products.ApertureID, products.TypeID, producttypes.TypeID FROM products, sold, aperture, producttypes WHERE products.`Online` = 1 AND products.SoldID = sold.SoldID AND products.ApertureID = aperture.ApertureID AND products.TypeID = producttypes.TypeID AND products.TypeID = %s AND products.ApertureID = %s ORDER BY products.ProductID", GetSQLValueString($colname2_rsprod, "int"),GetSQLValueString($colname_rsprod, "int"));
$query_limit_rsprod = sprintf("%s LIMIT %d, %d", $query_rsprod, $startRow_rsprod, $maxRows_rsprod);
$rsprod = mysql_query($query_limit_rsprod, $snb) or die(mysql_error());
$row_rsprod = mysql_fetch_assoc($rsprod);

TIA
Matt

whizard
01-09-2007, 06:38 PM
After
$colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);

you would do the explode(",",$colname_rsprod)

and after
$colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);

you would do the explode(",",$colname2_rsprod);

HTH
Dan

Mellowchimp
01-09-2007, 09:50 PM
Ok, so I have entered these and have the 2 lines

$colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']); explode(",",$colname_rsprod);

and


$colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']); explode(",",$colname2_rsprod);

This does not error, but makes no difference to my filtering, it still filters by the first number for each variable. eg, index.php?TypeID=1,2,3&ApertureID=1,2 still only returns those records that have TypeID=1 and ApertureID=1.

Sorry to be a pain and I promise to read that book when I get 5 mins to spare:p

Matt

whizard
01-09-2007, 10:02 PM
Sorry, I was a little unclear

I meant more like this:



$colname_rsprod = "-1";
if (isset($_GET['ApertureID'])) {
$colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);
$colname_rsprod = explode(",",$colname_rsprod);
//Now colname_rsprod should be array holding each value for ApertureID
}
$colname2_rsprod = "-1";
if (isset($_GET['TypeID'])) {
$colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);
$colname2_rsprod = explode(",",$colname2_rsprod);
//Now colname2_rsprod should be array holding each value for TypeID

}
mysql_select_db($database_mydatabase, $mydatabase);
$query_rsprod = sprintf("SELECT ProductID, ProductName, Specifications, `Description`, SmallImage, sold.Sold, products.`Online`, aperture.ApertureID, products.ApertureID, products.TypeID, producttypes.TypeID FROM products, sold, aperture, producttypes WHERE products.`Online` = 1 AND products.SoldID = sold.SoldID AND products.ApertureID = aperture.ApertureID AND products.TypeID = producttypes.TypeID AND products.TypeID = %s AND products.ApertureID = %s ORDER BY products.ProductID", GetSQLValueString($colname2_rsprod, "int"),GetSQLValueString($colname_rsprod, "int"));
$query_limit_rsprod = sprintf("%s LIMIT %d, %d", $query_rsprod, $startRow_rsprod, $maxRows_rsprod);
$rsprod = mysql_query($query_limit_rsprod, $snb) or die(mysql_error());
$row_rsprod = mysql_fetch_assoc($rsprod);


Changes are around the comments

HTH
Dan

Mellowchimp
01-09-2007, 11:45 PM
Still no joy.........

I have tried stripping out the magic quotes and strip slashes but with or without these are now returning no records.

Any idea anyone?

Matt

Edit - Is this affected because I am trying to return values from the same var, ie, index.php?param1=1,2,3&param2=1,2,3 or index.php?param1=1&param1=2&param1=3&param2=1&param2=2&param2=3.

Mellowchimp
01-10-2007, 06:12 PM
bump :)

CFMaBiSmAd
01-10-2007, 06:35 PM
Passing the parameters as a list of values 1,2,3 does work. In your earlier post - index.php?TypeID=1,2,3&ApertureID=1,2 results in the following:

GET data -
Key: TypeID, Value: 1,2,3
Key: ApertureID, Value: 1,2

The problem is that you need to correctly form the query string and for troubleshooting purposes, echo the query string to make sure it contains the expected contents.

To form a query that will match any of the values in a list (I am assuming that these IDs are integers, but this will work for strings) you need to use the IN (...) operator, something like this -

SELECT ... WHERE ... your_column IN (1,2,3)
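
The IN (...) filter from the last reply, as an added example that is not part of the original thread: each comma-separated value is validated as an integer and bound through a placeholder, so the request string never becomes part of the SQL text. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Uses PDO with an in-memory SQLite
// database (assumption) in place of the thread's mysql_* calls; rows are constructed.

/** Parse "1,2,3" into ints; reject any element that is not a short run of digits. */
function parse_id_list(string $raw, int $max = 20): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if (!ctype_digit($part) || strlen($part) > 9) {
            throw new InvalidArgumentException('bad id: ' . var_export($part, true));
        }
        $ids[] = (int) $part;
    }
    if (count($ids) > $max) {
        throw new InvalidArgumentException('too many ids');
    }
    return array_values(array_unique($ids));
}

/** One "?" placeholder per id, so request values never become part of the SQL text. */
function find_products(PDO $db, array $typeIds, array $apertureIds): array
{
    $marks = fn(array $ids): string => implode(',', array_fill(0, count($ids), '?'));
    $sql = 'SELECT ProductID FROM products WHERE Online = 1'
         . ' AND TypeID IN (' . $marks($typeIds) . ')'
         . ' AND ApertureID IN (' . $marks($apertureIds) . ')'
         . ' ORDER BY ProductID';
    $stmt = $db->prepare($sql);
    $stmt->execute(array_merge($typeIds, $apertureIds));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (ProductID INTEGER, TypeID INTEGER, ApertureID INTEGER, Online INTEGER)');
$db->exec('INSERT INTO products VALUES (1,1,1,1),(2,2,2,1),(3,3,3,1),(4,2,1,0),(5,4,1,1)');

// Same shape as index.php?TypeID=1,2,3&ApertureID=1,2
$_GET = ['TypeID' => '1,2,3', 'ApertureID' => '1,2'];
print_r(find_products($db, parse_id_list($_GET['TypeID']), parse_id_list($_GET['ApertureID'])));

// A value that is not a pure integer list is refused before any SQL is built.
try {
    parse_id_list('1,2) OR 1=1 --');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```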


