Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP - Tags in URL seperated by +

  • 18-06-2011 2:50pm
    #1
    Closed Accounts Posts: 27,857 ✭✭✭✭


    Hi there,

    What I'm trying to do is pass parameters to a script by appending them to the URL. The only way I know how to do this is using $_GET, which requires you do have different variables seperated by an ampersand.

    But the values I'd like to pass are all for the same column in a table, so I'd like to not have to specify a variable name if possible.

    At the moment what I'm doing looks like this:

    ?c_id8=y&c_id9=y&c_id2=y&c_id10=y

    Which is obviously bullshít :p

    I've seen URLs with parameters/tags/search terms seperated by plus signs, something like:

    ?search=8+9+2+10

    Can I do this? And how would I then retrieve the values from the URL?

    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 67 ✭✭The Gibmiester


    Not sure about the plus signs. You could try putting the column ids into one url variable and separate them with a delimiter character. You could then split the variable into an array.

    E.g.
        $ids = explode(":", $_GET['cols']);
        foreach ($ids as $id)
            echo $id."<br />";
    
    and have the URL like so ...domain.com/filename.php?cols=w:x:y:z


  • Closed Accounts Posts: 27,857 ✭✭✭✭Dave!


    Nice one, I worked that much out eventually. At the moment I've got the parameters in the URL as:

    ?search=8+2+10+11

    Then using the following to decode the terms:
    $terms = urldecode($_GET['search']);
    $pieces = explode(" ", $terms);
    foreach($pieces as $piece) {
    	$search .= $piece . ", ";
    }
    //the above leaves me with eg. the following:
    //8, 2, 10, 11,
    
    $query = "select * from channels where c_id in(". $search .")";
    $result = mysql_query($query) or die("This didn't work..." . mysql_error());
    while ($row = mysql_fetch_array($result)) {
    	$table .= "<div>ID: ". $row['c_id'] ."<br />Name: ". $row['c_name'] ."</div>";
    
    //the above doesn't work because I end up with a stray comma at the end
    }
    

    I'm sure there's a function that could be used to remove the comma at the end, but I'm sure there's a better way to go about this, given how prevalent it is to seperate search terms with a plus sign...


  • Registered Users, Registered Users 2 Posts: 67 ✭✭The Gibmiester


    You could add a check in the for loop to see if it is the last element in the array or not, you don't to concat a comma if it is the last element.
            $terms = urldecode($_GET['search']);
            $pieces = explode(" ", $terms);
            for ($i = 0; $i < sizeof($pieces); $i++) {
                if($i == (count($pieces) -1))
                    $search .= $pieces[$i];
                else
                    $search .= $pieces[$i] . ", ";
            }
    
    Seems a bit long though, there probably is a better way.


  • Closed Accounts Posts: 27,857 ✭✭✭✭Dave!


    Cheers boss,

    Yeah that's a bit of a messy way of doing it, but it does work :) Not sure if I should be throwing in some security/sanitization functions too, probably.

    If anyone else wants to chip in any suggestions, go for it! For the time being, we'll go with the above :p


  • Registered Users, Registered Users 2 Posts: 26,584 ✭✭✭✭Creamy Goodness


    use implode() so you don't have to check the last element in the array

    eg.

    [php]
    $pieces = explode(" ", $terms);
    $search = implode(', ', $pieces);
    [/php]

    will make your code more efficient as it cuts out the foreach loop on the pieces. implode() will leave you with a string.

    also TREAT ALL UN SANITIZED DATA AS HOSTILE DATA so if this is for production SANITIZE inputs or it if it's for college project sanitize anyways as it's good practice.


  • Advertisement
  • Closed Accounts Posts: 27,857 ✭✭✭✭Dave!


    Thanks! Implode works well :)

    It's neither for college or production, just a personal project really. What functions would you recommend using in the above? And at what point?

    Cheers


  • Registered Users, Registered Users 2 Posts: 67 ✭✭The Gibmiester


    Will you always have 4 parameters? If so just hard code them and eliminate the for loop.
    $terms = urldecode($_GET['search']);
    $pieces = explode(" ", $terms);
    $search = $pieces[0].", ".$pieces[1].", ".$pieces[2].", ".$pieces[3];
    
    As for security you should probably wrap the code in an if statement checking that the search variable is not empty. And also use the mysql_real_escape_string() function on the $search variable to try to prevent database hacks. If you do use it you may also need to strip slashes depending on your data and the get_magic_quotes_gpc configuration.


Advertisement