phpself and && <- think this is wrong (simple)

Grant_Cooper

$SQL = "SELECT * FROM verification, location, description ,specials,activities WHERE verification.bar_id = location.bar_id && verification.bar_id = specials.bar_id;

echo("<a href=\"$PHP_SELF?page=$back_page&limit=$limit&SQL=$SQL\">back</a>\n");}

When the page refreshes I am only getting the first part up to the first &&. I have been trying to hard wire this but need some help? What's the secret to sending to && in one querry.

						  :confused:

Thanks in Advance.

Bunkermaster

try to [MAN]urlencode[/MAN] your string.

I wouldn't pass a SQL query as a querystring if I were you but...

Grant_Cooper

I made the changes you suggested and got half way. I have another problem.

SQL: SELECT * FROM verification, location, description ,specials,activities WHERE verification.bar_id = location.bar_id && verification.ver_add_to_public=\'Yes\'&& location.loc_city=\'Medicine Hat\'

To fix the ' problem I used the following 2 commands.

$SQL2 = htmlspecialchars($SQL2, ENT_QUOTES); // to convert single quotes
$SQL2 = urlencode($SQL2);

SQL: SELECT * FROM verification, location, description ,specials,activities WHERE verification.bar_id = location.bar_id && verification.ver_add_to_public='Yes'&& location.loc_city='Medicine Hat'

These are print outs. Well from what I can tell this querry is correct but I believe there are hidden characters for the single quotes because if I take off the 'Yes' and 'Medicine Hat' everything works.

Wien

You need to do 3 things :
1) Protect the string in your SQL query using addslashes
SELECT ... FROM ... WHERE Field1 = " . addslashes($MyString) . " AND .....

2) Urlencode the whole SQL query if you pass it by URL
urlencode($SQL);

3) Urldecode your SQL query when you receive it
urldecode($SQL);

As Bunkermaster said you'd better pass the var only (URL or HIDDEN fields) and build your query in the other page