Forums

Using $_GET from within WHERE statement

juntaar 08 Apr, 2009
Hi All,

I'm trying to create a common connection that lists all entries for one particular user. I've tried to use the WHERE section to accomplish this as follows:

<?php
if((!isset($_GET['name'])) || (!isset($_GET['surname'])))
{
echo "Invalid Parameters";
die();
}
else
{
$name = $_GET['name'];
$surname = $_GET['surname'];
}
echo "WHERE 'name' = '<?php echo $name; ?>' AND 'surname' = '<?php echo $surname; ?>' ";
?>


I am passing the variables to the script via appending a
?name=John&surname=Citizen
to the end of the connector URL.

However it doesn't function as I expected - I have the following code in the header section:
<?php
$user =& JFactory::getUser();
if(!$user->aid == 2)
{
echo "Invalid Permissions";
die();
}
?>
<h1>Member Details</h1>
<h3>{name} {surname}</h3>
?>


It appears that it cannot retrieve the data as passed in via php - is there anything stopping it reading variables via $_GET? Or is there some other way to acheive this functionality using the connector?
GreyHead 08 Apr, 2009
Hi Juntaar,

In this line
echo "WHERE 'name' = '<?php echo $name; ?>' AND 'surname' = '<?php echo $surname; ?>' ";
you have PHP tags inside PHP tags and the quoting is incorrect MySQL column names need to be in `` backticks:
echo "WHERE `name` = '$name' AND `surname` = '$surname' ";
Not tested but this should to the trick.

A 'better' Joomla version of your code would be like this:
<?php
$name = JRequest::getString('name', '', 'get');
$surname = JRequest::getString('surname', '', 'get');
if ( !$name || !$surname ) {
  echo "Invalid Parameters";
  die();
} else {
  $db =& JFactory::getDBO();
  echo "WHERE $db->NameQuote('name') = $db->Quote($name) 
    AND $db->NameQuote('surname') = $db->Quote($surname)  "
?>

Bob
This topic is locked and no more replies can be posted.