How do you pass two URL parameters to a page in PHP

Engaged, Jan 17, 2014

The following bit of code is based on some David Powers code in his book PHP solutions - a book to be highly recommended :

'<a href= "'. $_SERVER['PHP_SELF']. '?curpage=' .($curpage+1) .'" > Next &gt; </a>';

This is used to navigate from page to page  and when clicked, produces a URL ending

.showflagsab?curpage=3


It works fine when the SQL Query is something like "SELECT * from table"

However, my SQL Query is like "SELECT * from table where ID= 5", so as well as passing the current page variable, I also need to pass the ID variable.

It would show like showflagsab.php?curpage=3&id=5


I spent ages trying to get the syntax correct, but so far have not succeeded.

Can you help?

Howard Walker



1 Correct answer

Engaged, Jan 17, 2014

you just need to add  &$VAR= to the end of your link

'<a href ="' .$_SERVER['PHP_SELF'] . '?curpage=' .($curpage+1) .'&id='.$yourid.'"> link </a> '

Careful with SQL injection though, you're going to have to check that the value of the id is valid, something like (if you're using PDO):

// $pdo is an existing PDO connection; the id is bound as a parameter, not concatenated into the SQL
$stmt = $pdo->prepare("select user from user_db where id = ? LIMIT 1");
$stmt->execute([$input_id]);

Engaged, Jan 17, 2014

Thanks for that - worked a treat and I came up with :

'<a href= "'. $_SERVER['PHP_SELF']. '?curpage=' .($lastpage) . "&id=" .($t).'" > LAST &gt; </a>';

SQL injection - I am pulling out the data direct from a database with no user access - does that still need to be checked for injection?

I am using MySQLI which will need another syntax.

Engaged, Jan 17, 2014

Yes, as you are using URL variables someone could exploit it by typing in the link with the URLs. Get into the habit of doing it now; it's only a couple of extra lines and you'll love yourself for it going forward. Read up on PDO (most used outside of MySQLi).

If they were to input one of the following as a URL var:

' or '1'='1' -- '

' or '1'='1' ({ '

' or '1'='1' /* '

it would change the SQL to read :

SELECT * FROM table WHERE col = '' OR '1'='1';

SELECT * FROM table WHERE col = '' OR '1'='1' -- ';

If you're using MySQLi then use:

mysqli_real_escape_string()

and

stripslashes()
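The thread's concern (a URL `id` ending up inside the SQL text), worked through as an added example that is not any poster's code: both URL parameters are validated as integers, the query binds them in a MySQLi prepared statement, and the next-page link is built with encoded values. The table and column names (`flags`, `name`) and the page size are assumptions.

```php
<?php
// Added example. Assumed names: table `flags`, column `name`, 10 rows per page.

// Accept a URL parameter only if it is a positive integer; otherwise null.
function int_param(array $query, string $name): ?int
{
    $v = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Build the pager link. http_build_query() URL-encodes the values and
// htmlspecialchars() makes the URL safe inside the href attribute. A fixed
// script name is used because $_SERVER['PHP_SELF'] reflects the request path.
function page_link(string $script, int $page, int $id, string $label): string
{
    $url = $script . '?' . http_build_query(['curpage' => $page, 'id' => $id]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Fetch one page of rows. The values are bound as integers ('iii'), so the
// request data never becomes part of the SQL statement itself.
function fetch_page(mysqli $db, int $id, int $page, int $perPage = 10): array
{
    $offset = ($page - 1) * $perPage;
    $stmt = $db->prepare('SELECT name FROM flags WHERE id = ? LIMIT ? OFFSET ?');
    $stmt->bind_param('iii', $id, $perPage, $offset);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed query strings: a normal request and one of the thread's inputs.
$samples = ['curpage=3&id=5', 'curpage=3&id=' . urlencode("' or '1'='1' -- '")];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $id   = int_param($query, 'id');
    $page = int_param($query, 'curpage') ?? 1;
    if ($id === null) {
        echo "rejected: $qs\n";   // a real page would answer with HTTP 400
        continue;
    }
    // $rows = fetch_page($db, $id, $page);   // $db: an open mysqli connection
    echo page_link('showflagsab.php', $page + 1, $id, 'Next >'), "\n";
}
```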
