Posted by shimmyshack on 03/21/07 17:17
On 21 Mar, 16:54, "Lennart Anderson" <lennart.ander...@tele2.se>
wrote:
> "shimmyshack" <matt.fa...@gmail.com> wrote in message news:1174495509.099426.305700@e65g2000hsc.googlegroups.com...
>
> > On 21 Mar, 15:24, "Lennart Anderson" <lennart.ander...@tele2.se>
> > wrote:
> >> I want to present a table with main data. Each record will have a field
> >> acting like a link to a new page with detailed data on the selected
> >> record.
> >> My problem is that I can't get the record-ID parsed into the link
> >> parameter.
> >> Whatever I do will just let my $_GET['id'] give me what is after the
> >> equal-sign in the link parameter.
> >> The code is:
> >> while($row = mysql_fetch_object($result))
> >> {
> >> $mid = ($row->catid);
> >> $name = ($row->catname);
> >> echo '<tr>';
> >> echo '<td >' . $mid . '</td>';
> >> echo '<td>' . '<a href="advertinfo.php?id=$mid">' . $name . '</a></td>';
> >> echo '</tr>';
> >> }
> >> echo '</table>';
>
> >> In this case the $_GET on advertinfo.php will only give me $mid.
> >> I think the problem might be in the quotes but I also think I have tested
> >> every possible combination without success.
> >> Any solution or hint is very much appreciated.
>
> > have you tested this combination?
> > $mid = 'test';
> > echo '<td><a href="advertinfo.php?id=' . $mid . '">' . $name . '</a></td>';
>
> EUREKA
> I have tested your suggestion now and it works.
> Don't know how to thank you.
> Now I can keep some of the hair on my head instead of rubbing it off in deep
> frustration.
> Again thanks for the hint
cool, now make sure that you are secure by filtering the data that
comes from your database,
so I would actually do this:
while($row = mysql_fetch_object($result))
{
    // URL-encode the id because it is placed in the query string
    $mid = urlencode($row->catid);
    // HTML-encode the name because it is printed as page text
    $name = htmlentities($row->catname);
    echo '<tr>';
    echo '<td >' . $mid . '</td>';
    echo '<td>' . '<a href="advertinfo.php?id=' . $mid . '">' . $name . '</a></td>';
    echo '</tr>';
}
echo '</table>';
unless you use utf-8 as the primary character set in which case use
htmlentities('string',ENT_QUOTES,'UTF-8');
It seems weird doesn't it, protecting your application against
characters from your *own* database, but this is the world we live in.
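
The encoding advice above as a self-contained PHP script, added here as an illustration and not part of the original post. The rows are constructed sample data standing in for the database result, and h(), render_row_raw() and render_row() are hypothetical helper names; a UTF-8 page is assumed.

```php
<?php
// Added example. Constructed rows stand in for mysql_fetch_object() results.
$rows = [
    (object)['catid' => '7',         'catname' => 'Cars & Bikes'],
    (object)['catid' => '8&debug=1', 'catname' => '<script>alert(1)</script>'],
    (object)['catid' => '9"x',       'catname' => 'Café "Old Town"'],
];

// HTML-encode for element text and quoted attribute values (UTF-8 page assumed).
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Row built by plain concatenation: database values reach the page unencoded.
function render_row_raw(object $row): string
{
    return '<tr><td>' . $row->catid . '</td>'
         . '<td><a href="advertinfo.php?id=' . $row->catid . '">'
         . $row->catname . '</a></td></tr>';
}

// Row with each value encoded for the context it lands in.
function render_row(object $row): string
{
    // Query-string context first, then the whole URL as an attribute value.
    $href = 'advertinfo.php?id=' . urlencode($row->catid);
    return '<tr><td>' . h($row->catid) . '</td>'
         . '<td><a href="' . h($href) . '">' . h($row->catname) . '</a></td></tr>';
}

foreach ($rows as $row) {
    echo 'raw:     ', render_row_raw($row), PHP_EOL;
    echo 'encoded: ', render_row($row), PHP_EOL;
    // The encoded row must contain exactly the tags the template wrote.
    $tags = preg_match_all('/<[a-z\/]/i', render_row($row));
    echo 'tags in encoded row: ', $tags, ' (template has 8)', PHP_EOL, PHP_EOL;
}
```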