0

I have a table named: "m & m (12-11-15 at 11:11)-Ca:16:20:06-ai" and my sql query is:

 $queryac="SELECT * 
           FROM `$actiontable` 
           WHERE (Assignedto LIKE '%$username%' 
                  OR Assignedby='$username')";

PHP code for the variables is:

 $table=$_GET['id'];

 $actiontable=$table.'-ai';
 id=m+%26amp%3B+m+%2812-11-15+at+11%3A11%29-Ca%3A16%3A20%3A06

(I have tried urldecode($_GET['id']), but it does not work either)

Echoed query is:

SELECT * FROM `m & m (12-11-15 at 11:11)-Ca:16:20:06-ai` WHERE (Assignedto LIKE '%[email protected]%' OR Assignedby='[email protected]')

Table name from mysql: m & m (12-11-15 at 11:11)-Ca:16:20:06-ai

Error that I get:

 Table 'alsonsrn_actionitems.m & m (12-11-15 at 11:11)-Ca:16:20:06-ai'

(Although the table exists)

When I echo $actiontable, I get m & m (12-11-15 at 11:11)-Ca:16:20:06-ai, which is exactly what my table name is but the query does not work. When I enter the same echoed value manually instead of the variable the query works. What could be the reason of it??

Note: The same query works for the table names that do not consist of "&"

Improve this question
4
  • "id" is the ouput of $_GET['id'] ? Try to urldecode $table before putting it in $actiontable Commented Nov 21, 2015 at 7:49
  • I have tried it before, it does not work either Commented Nov 21, 2015 at 7:50
  • And with rawurldecode? If you put a var_dump( $actiontable ) the output must be the same string of the table name Commented Nov 21, 2015 at 7:54
  • It does not work with rawurldecode either and with var_dump it gives string(44) "m & m (12-11-15 at 11:11)-Ca:16:20:06-ai" Commented Nov 21, 2015 at 8:00

1 Answer 1

Reset to default
1

I made some tests. To get the correct string back I used:

$id = 'm+%26amp%3B+m+%2812-11-15+at+11%3A11%29-Ca%3A16%3A20%3A06';
var_dump( html_entity_decode( urldecode( $id ) ) );

Output is:

string(37) "m & m (12-11-15 at 11:11)-Ca:16:20:06"

Try it.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Your encoded string isn't simply urlencoded, I noticed later the %26amp%3B part, which is entity translated (with htmlentities probably). So you need to decode also the entities

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.