if i have this url http://mypage.net/index.php?p=stuff how can i get "stuff" into a variable called $stuff ? the text after "index.php?p=" can change so everyting that is writen after the = i want to be putt in $stuff when the page is loaded, how can this be done ?
If it always remains ?p then: $stuff = $_GET['p']; PHP: If it doesn't you can: $stuff = end(explode('=', $_SERVER['REQUEST_URI'])); PHP: Be sure to validate/sanitize $stuff.
thank you! I ran in to another problem now you might be able to help me with ? at the top of my file i have $stuff = $_GET['p']; $stuff = end(explode('=', $_SERVER['REQUEST_URI'])); PHP: then a bit down i have the following right now to test if it work and it do not :/ case '$stuff': $sql = 'SELECT * FROM `quotes` where game = \'$stuff\' LIMIT 0, 30 '; $r = $db->_sql($sql); while ($row = $db->fetch_row($r)) { $tpl->set('q_id', $row['id']); $tpl->set('q_rating', $row['rating']); $tpl->set('quote', $row['quote']); $sql = "SELECT ip FROM ".$_qdbs[tpfx]."votes WHERE id='".mysql_real_escape_string($row['id'])."' AND ip='".mysql_real_escape_string($ip)."'"; $r2 = $db->_sql($sql); $row2 = $db->fetch_row($r2); if ($row2['ip'] != $ip) { $rate = $tpl->fetch($tpl->tdir.'quote_rate.tpl'); $tpl->set('q_rate', $rate); } else { $tpl->set('q_rate', ''); } print($tpl->fetch($tpl->tdir.'game.tpl')); } PHP: why wont this work? let's say $stuff is "bioshock" if i run SELECT * FROM `quotes` where game = \'bioshock\' LIMIT 0, 30 in my database i get results, bit when i go to http://mypage.net/index.php?p=bioshock i get no result at all :/
Suggestions: - Consider using sprintf() within your queries - to avoid problems with quotes. - Sanitize/escape user inputs ($_GET, $_POST, $_REQUEST, $_COOKIE) before using it within queries to avoid potential sql injection and sql parsing issues, use mysql_real_escape_string() for strings, and intval() (or the (int) typecast) for integers - refer to the documenation for more info. - Try to avoid using the * wildcard within your queries, as it can make your site slow if your db is large. - I don't know why you were escaping data from $row, as it should be escaped already if it came from the db. - Don't wrap single quotes around variables such as '$stuff', use double quotes or no quotes at all - as the variable won't be parsed. Try this, I cleaned up your code a bit as it was a mess: <?php if (isset($_GET['p'])) { $game = mysql_real_escape_string($_GET['p']); $sql = sprintf("SELECT id, rating, quote FROM quotes WHERE game = '%s' LIMIT 0,30", $game); $r = $db->_sql($sql); while ($row = $db->fetch_row($r)) { $tpl->set('q_id', $row['id']); $tpl->set('q_rating', $row['rating']); $tpl->set('quote', $row['quote']); $sql = sprintf("SELECT ip FROM %s votes WHERE id = '%s' AND ip = '%s'", $_qdbs['tpfx'], $row['id'], $ip); $r2 = $db->_sql($sql); $row2 = $db->fetch_row($r2); if ($row2['ip'] != $ip) { $rate = $tpl->fetch($tpl->tdir . 'quote_rate.tpl'); $tpl->set('q_rate', $rate); } else { $tpl->set('q_rate', ''); } print($tpl->fetch($tpl->tdir . 'game.tpl')); } } ?> PHP: