My AJAX code is passing QueryString to a PHP file. The QueryString looks like this:

var strUrl = "./lib/filldropdown.php?DivName = " + DivName + "&DropDownControlName = " + DropDownName + "&SqlQuery = " + SqlQuery;

In the file "filldropdown.php", I want to fetch the values from the query string. How to do this without using GET? And also, please let me know whether the query string is written correctly or not.

+2  A: 

Ummm. $_GET['DivName'] should be one piece of your data. Just to note:

  • Don't build the query string yourself. Build a JS array and use a JavaScript library (I recommend jQuery) to do the QS creation.
  • The = shouldn't have spaces
  • Passing an SQLQuery in your params is A BAD IDEA. I will quickly hack your app, the second I see that. Look up little bobby tables.
Paul Tarjan
-1 If he's not already using it, bringing in jQuery just to make a query string is a horrible idea and outright overkill. +1 for pointing out the security flaw with the SQL parameter.
Justin Johnson
+1 for spaces, which is why the OP thinks PHP isn't picking up the input. An underscore will take the place of spaces in key names.
outis
+3  A: 

You might be able to use $_REQUEST['...'], which will both respond to params sent via POST|GET.

nowk
You may also want to remove those spaces around the =. Ex: ?DivName = " + DivName + " Try: ?DivName=" + DivName + "
nowk
@nowk: Thanks it worked.
RPK
A: 

Are you sure you're using $_GET and not $GET or something else? If it's really broken (which might be due to some sort of config issue, but I haven't heard of this happening before), $_REQUEST might work for you, or you can try to get the query string from $_SERVER['QUERY_STRING'], but you'll have to parse it yourself.

As Paul Tarjan pointed out in his question, the query string is not correct, nor is it safe to pass SQL queries to a PHP script. They should always be generated server-side with strict sanitation on any user-provided data.

Justin Johnson
@Justin: I am using $_GET and not $GET.
RPK