2

I am new to PHP and I don't know how to execute an SQL query with a WHERE clause using a PHP parameter from the URL. Please help me.

URL: http://myurl.com/eng.php?name=fab

PHP Code

<?php
header('Content-Type: application/json; charset=utf-8');
$mysqli = new mysqli('localhost', 'mabhim92', '9993115300', 'gcm_chat');
//PROBLEM LANGUAGE ?????
if (function_exists('mysqli_set_charset')) {
    mysqli_set_charset($mysqli, 'utf8');
} else {
    mysqli_query($mysqli, "SET NAMES 'utf8'");
}
// Check if album id is posted as GET parameter
$id = intval($_GET['name']);
$myq = $mysqli->query("SELECT * FROM gkfordate WHERE monthforgk=$id");
while ($myr = $myq->fetch_assoc()) {
    $array["Questions"][] = array(
        'month' => $myr['monthforgk'],
        'date'  => $myr['dateforgk'],
    );
}
echo json_encode($array, JSON_UNESCAPED_UNICODE);
?>

Result: My database table has only two columns, monthforgk and dateforgk.

{
 "Questions": [
{
  "month": "jan",
  "date": "2016-04-13 20:30:49"
},
{
  "month": "jan",
  "date": "2016-04-13 20:30:49"
},
{
  "month": "jan",
  "date": "2016-04-13 20:30:49"
},
{
  "month": "fab",
  "date": "2016-04-13 20:30:49"
},
{
  "month": "fab",
  "date": "2016-04-13 20:30:49"
}
]
}

If I pass the parameter name=fab, why does it give me all results from the database?

5
  • What do you want to get? Commented Apr 14, 2016 at 6:15
  • If your monthforgk values are strings - jan/fab, etc, then why are you doing $id = intval($_GET['name']);? You are basically doing ... WHERE monthforgk=1 Commented Apr 14, 2016 at 6:17
  • Please see the query result for monthforgk = fab. Commented Apr 14, 2016 at 6:17
  • @Sean so what can I do to get results only for monthforgk = fab using the param? Commented Apr 14, 2016 at 6:19
  • 1
    instead of $id = intval($_GET['name']); you would do $id = $mysqli->real_escape_string($_GET['name']); (to sanitize the $_GET). And then quote the value in your query -> ... WHERE monthforgk= '$id' ", as the value is a string, not an int. Commented Apr 14, 2016 at 6:20

2 Answers

4

Try with this query:

"SELECT * FROM  gkfordate WHERE monthforgk='$id'";

2

You are running the query string through the intval() function, which returns the integer value of the string 'fab' which is 0.

Try this:

echo 'intval of fab = '.intval('fab');

What you need is simply this:

if(isset($_GET['name'])){
    $id = $mysqli->real_escape_string($_GET['name']);
}

And then in the query:

$myq = $mysqli ->query ("SELECT * FROM  gkfordate WHERE monthforgk='$id'");   

1 Comment

It would be better if you recommended $id = $mysqli->real_escape_string($_GET['name']); instead of $id = $_GET['name'];
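
A prepared-statement version of the endpoint discussed above, as an added example (not code from the question or from either answer): the URL value is bound as a string parameter instead of being interpolated into the SQL text. The function name `fetch_by_month`, the `DB_USER`/`DB_PASSWORD` placeholders and the letters-only validation pattern are assumptions made for this example.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: the gkfordate table from the question; placeholder credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Return rows whose monthforgk equals $month, using a bound parameter.
 * (fetch_by_month is a name chosen for this example.)
 */
function fetch_by_month(mysqli $db, string $month): array
{
    // The value travels separately from the SQL text, so quotes or other
    // special characters in it cannot change the structure of the query.
    $stmt = $db->prepare(
        'SELECT monthforgk, dateforgk FROM gkfordate WHERE monthforgk = ?'
    );
    $stmt->bind_param('s', $month);   // 's' = bind as string, not integer
    $stmt->execute();
    $stmt->bind_result($m, $d);       // works with or without mysqlnd

    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['month' => $m, 'date' => $d];
    }
    $stmt->close();
    return $rows;
}

header('Content-Type: application/json; charset=utf-8');

// Reject a missing or malformed parameter before touching the database.
// The pattern (1-10 ASCII letters) is an assumption based on the sample
// values "jan" and "fab"; adjust it to the values the column really holds.
$name = $_GET['name'] ?? '';
if (!is_string($name) || !preg_match('/\A[a-z]{1,10}\z/i', $name)) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid or missing "name" parameter']);
    exit;
}

$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'gcm_chat'); // placeholders
$db->set_charset('utf8mb4');

// Always emit the "Questions" key, even when no row matches.
echo json_encode(
    ['Questions' => fetch_by_month($db, $name)],
    JSON_UNESCAPED_UNICODE
);
```

Binding with type `'s'` also avoids the original symptom: the comparison is string to string, so no numeric coercion of the column values takes place.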
