
I have an issue passing a string value using a query string in PHP. I am using a phpMyAdmin database.

Below is my query string:

http://192.168.0.106/PHP/webservice/comments.php?city_town='Vadodara'

And my PHP code is as below:

if(isset($_GET["city"])){
    @$city = $_GET["city"];

    //echo $city;
    $query = "select * from shop_detail where city_town ='". $city ."' ";
}
  • Looks like the problem is you are getting "city" instead of "city_town". Commented Jun 3, 2015 at 13:20
  • 1. PHP name differs from element. 2. You have quotes in the value being passed in. 3. You're open to SQL injections with this code, separate user input from query. 4. Don't use @. Don't suppress errors. Commented Jun 3, 2015 at 13:22

1 Answer

Use city_town, not city. Also use mysqli_real_escape_string to prevent SQL injection, and put the table and column names in backticks.

if(isset($_GET["city_town"])){
    // $conn is the open mysqli connection
    $city = mysqli_real_escape_string($conn, $_GET["city_town"]);

    //echo $city;
    $query = "select * from `shop_detail` where `city_town` ='". $city ."' ";
}

1 Comment

The mysqli_real_escape_string requires the connection, no? Also it's not clear to me that the OP is using mysqli. I'd just point the OP to this thread for SQL injection prevention, stackoverflow.com/questions/60174/….
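
The separation of user input from the query that the comments recommend, as an added example that is not part of the original question or answer. It contrasts the question's concatenated query with a prepared statement on values that contain quotes. Assumptions: PDO with an in-memory SQLite database stands in for the asker's MySQL server so the script runs offline, and the function names `shopsConcatenated` and `shopsPrepared` and the sample rows are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MySQL server;
// the table rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shop_detail (id INTEGER PRIMARY KEY, name TEXT, city_town TEXT)');
$insert = $pdo->prepare('INSERT INTO shop_detail (name, city_town) VALUES (?, ?)');
foreach ([['Shop A', 'Vadodara'], ['Shop B', 'Surat'], ['Shop C', "Coeur d'Alene"]] as $row) {
    $insert->execute($row);
}

// The question's approach: the request value is pasted into the SQL text,
// so any quote character in it becomes part of the statement.
function shopsConcatenated(PDO $pdo, array $get): array
{
    if (!isset($get['city_town'])) {
        return [];
    }
    $query = "select * from shop_detail where city_town ='" . $get['city_town'] . "' ";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the value is bound as data.
function shopsPrepared(PDO $pdo, array $get): array
{
    // Reject a missing parameter and array input such as ?city_town[]=x
    if (!isset($get['city_town']) || !is_string($get['city_town'])) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM shop_detail WHERE city_town = :city');
    $stmt->execute([':city' => $get['city_town']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: the quoted value from the question's URL, the same value
// without quotes, and a legitimate name that contains an apostrophe.
foreach (["'Vadodara'", 'Vadodara', "Coeur d'Alene"] as $value) {
    $get = ['city_town' => $value];
    try {
        $concat = count(shopsConcatenated($pdo, $get)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    printf("%-16s concatenated: %-10s prepared: %d row(s)\n",
        $value, $concat, count(shopsPrepared($pdo, $get)));
}
```

With a bound parameter the quotes in the question's URL are compared as part of the value, so the URL should carry the city name without quotes.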
