php pass and get parameter

Question

<?php $daerah_ejen1 = "$_GET[daerah_ejen]";
$kumpulan_ejen1 ="$_GET[kumpulan_ejen]";

echo $daerah_ejen1;
echo $kumpulan_ejen1;
echo $kumpulan_ejen;

$sql= "SELECT * FROM data_ejen WHERE daerah_ejen= '$daerah_ejen1' AND kumpulan_ejen='Ketua Kampung' ORDER BY nama_ejen";
$result = mysql_query($sql) or @error_die("Query failed : $sql " . mysql_error());
?>

my url

laporan_kk_detail.php?daerah_ejen=HULU+LANGAT&kumpulan_ejen=Ketua Kampung

for output daerah_ejen variable has display, but for kumpulan_ejen/kumpulan_ejen1 is not display.

i dont know where the problem

You are echo $kumpulan_ejen; but you don't seem to have set $kumpulan_ejen anywhere. You've only set $kumpulan_ejen1 — Darren
– Darren, Commented Apr 2, 2014 at 7:23

Community · Accepted Answer · 2017-05-23 12:20:53Z

3

your quotes accessing $_GET variable is invalid. try this

<?php 
  $daerah_ejen1 = $_GET["daerah_ejen"];
  $kumpulan_ejen1 =$_GET["kumpulan_ejen"];

and you should read something about security, because you can pass malicous code to your script!

edit:// you can have a look on this thread https://stackoverflow.com/questions/19539692/sanitizing-user-input-php

edited May 23, 2017 at 12:20

CommunityBot

11 silver badge

answered Apr 2, 2014 at 7:24

easteregg

5094 silver badges9 bronze badges

Sign up to request clarification or add additional context in comments.

4 Comments

krishna Over a year ago

the first part of your answer is wrong. you can access the way the OP used.

easteregg Over a year ago

but than, the 'daerah_ejen' for example will be treated as an constant, and since its not defined, its cast to a string. this is quite bad practise and raise notices within your application. so its just a lucky incident, that this actually works!

krishna Over a year ago

can you tell me what kind notice you was talking about ?

lawrenceshen Over a year ago

If your error_reporting and display_error php setting is switched on, you may see notice such as this: "Notice: Use of undefined constant daerah_ejen - assumed 'daerah_ejen'.

Community · Accepted Answer · 2023-11-17 19:53:52Z

3

you are converting get values in string using double quotes so remove and try

$daerah_ejen1 = $_GET['daerah_ejen'];
$kumpulan_ejen1 =$_GET['kumpulan_ejen'];

also use mysql_real_escape_string() for prevent sql injection.

edited Nov 17, 2023 at 19:53

CommunityBot

11 silver badge

answered Apr 2, 2014 at 7:25

Rakesh Sharma

13.7k5 gold badges41 silver badges44 bronze badges

Comments

W.K.S · Accepted Answer · 2014-04-02 07:30:43Z

0

The quotes go around the parameter name. This is because $_GET[] is an associative array and its values are referenced using a string key

$daerah_ejen1 = $_GET['daerah_ejen'];

$kumpulan_ejen1 =$_GET['kumpulan_ejen'];
Always sanitize your parameter values before using them in a query to protect yourself against SQL injection.

$daerah_ejen1 = mysqli::real_escape_string($daerah_ejen1)

answered Apr 2, 2014 at 7:30

W.K.S

10.2k15 gold badges78 silver badges126 bronze badges

Comments

user3454436 · Accepted Answer · 2014-04-02 07:31:58Z

0

You face 2 problem on your code :

1st is :

$daerah_ejen1 = "$_GET[daerah_ejen]";
$kumpulan_ejen1 ="$_GET[kumpulan_ejen]";

replace it by this :

 $daerah_ejen1 = $_REQUEST['daerah_ejen'];
$kumpulan_ejen1 =$_REQUEST['kumpulan_ejen'];

2nd is :

$sql= "SELECT * FROM data_ejen WHERE daerah_ejen= '$daerah_ejen1' AND kumpulan_ejen='Ketua Kampung' ORDER BY nama_ejen";

replace it by this :

$sql= "SELECT * FROM data_ejen WHERE daerah_ejen= '".$daerah_ejen1. "' AND kumpulan_ejen='Ketua Kampung' ORDER BY nama_ejen";

answered Apr 2, 2014 at 7:31

user3454436

2311 gold badge4 silver badges15 bronze badges

7 Comments

krishna Over a year ago

can you tell me why you advice the OP to replace the $_GET to the way you have used ?

W.K.S Over a year ago

The second problem is not a problem. You can write "'$variable'" inside double quotes and get the desired result.

user3454436 Over a year ago

$_REQUEST represent $_GET and $_POST. I used $_REQUEST is easier your code which no need care about which $_GET or $_POST should use.

krishna Over a year ago

the question was asked before you change $_GET to $_REQUEST. And as said by W.K.S the second problem you mentioned was not a problem.Also changing to $_REQUEST will no way solve the problem

user3454436 Over a year ago

i recommend 2nd problem it more safety for your code.

|

ponciste · Accepted Answer · 2014-04-02 07:32:21Z

0

If you need to put the $_GET['name'] in double quotes, wrap it in {} brackets.

e.g.

$kumpulan_ejen1 ="{$_GET['kumpulan_ejen']}";

Also, as dbh pointed out, you only have $kumpulan_ejen1, not kumpulan_ejen.

edited Apr 2, 2014 at 7:32

ponciste

2,22916 silver badges16 bronze badges

answered Apr 2, 2014 at 7:28

lawrenceshen

711 silver badge2 bronze badges

Collectives™ on Stack Overflow

php pass and get parameter

5 Answers 5

4 Comments

Comments

Comments

7 Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

4 Comments

Comments

Comments

7 Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related