Passing $_GET data to a query

  • Just like it sounds, I have a script passing a user name to the next page using the header redirect;

    https://www.mydomain.com?id=$user_id

    So what is the syntax to get that variable into a query string like;

    “(SELECT firstname, lastname, email from tablename WHERE id = ‘$_GET[id]’)”;

    I tried it just like that and no dice. Dos it need echo’d or placed into another variable first?

Viewing 4 replies - 1 through 4 (of 4 total)

  • try this:

    "(SELECT firstname, lastname, email from tablename WHERE id = '{$_GET['id']}'";

    or

    $userid = $_GET['id'];
"(SELECT firstname, lastname, email from tablename WHERE id = '{$userid}'";

    hope that helps.

    rj

    Rjregenold’s second example is better, with a slight modification:

    Instead of $userid = $_GET['id']; you should be using $userid = (isset($_GET['id'])) ? $_GET['id'] : '';

    With that approach, you won’t get an error if “id” is not set.

    That’s very helpful. Thanks. I’m just learning PHP. ??

    Caution! – pizdin_dim’s method is the correct way to go but you should never put $userid or $_GET[anything] straight into a database query without checking it first. If it should be a numeric string, then check the string contains only numbers, if it should be a string, strip out tags and any unacceptable special characters. Read up about SQL injection attacks…

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Passing $_GET data to a query’ is closed to new replies.