0

Hi,

A user goes to search.php and inputs the term. If the user wants to search for an exact phrase, they add " " to the search term, just like Google does.

Example:

"apple"

But when the variable is passed to search_results.php it looks like this:

//search_results.php
$var = $_GET['search_field'];

echo "User term: " . $var; // display \"apple\"
....

MySQL Query =...

I don't know why PHP adds that \ to the string.

0

It's because it is escaping the " character. Think about it: if it echoed it straight out, it would end up messing up the code.

Look up htmlentities and encode it with ENT_QUOTES

$var = htmlentities($_GET['search_field'], ENT_QUOTES);

Unless you really, REALLY trust your users, you need to validate $_GET, especially if you use that in your MySQL query.

0

This is nothing to do with PHP, it's all to do with the browsers trying to "URL Encode" the strings.

0

Well, the issue is that I need the user to be able to use " " in order to search for an exact phrase under MySQL Full Text Search in Boolean Mode. So how can I do it? Moreover, can you give me a hint with the validation? Az-0-9 +,-," "

0

There are two possibilities to solve this problem. One is that if you are getting PHP to write a link with non-alphanumeric characters, then simply use the urlencode() function. If, however, you are using a form with method=get that posts those characters into the URL automatically, then simply use the stripslashes() function on your $_GET tag. Below is an example of both cases:

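<?php
// Example one: URL-encode a value before writing it into a link
$id = urlencode('$@^*$@#%asdf23049582034985');
echo '<a href="index.php?id=' . $id . '">test</a>';

// Example two: strip the added backslashes from a submitted GET value
$_GET['variable'] = stripslashes($_GET['variable']);
echo $_GET['variable'];
?>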

That will give you something to try and google about.

0

Thanks. The second method works.
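
For the exact-phrase search and the validation hint asked about above, one way to accept the quotes safely (an added example, not code from any poster in this thread): undo the backslashes only when PHP's legacy magic_quotes_gpc setting is on (it was removed in PHP 5.4), check the term against an allow-list, bind it in a prepared statement, and HTML-escape it on output. The `articles` table, its `title` and `body` columns, the 100-character limit and the function names are assumptions.

```php
<?php
// Added example, not from the thread. Table, column and function names are hypothetical.

// Return the cleaned search term, or null if it fails validation.
function clean_search_term($raw, $magicQuotesOn)
{
    // With magic_quotes_gpc on (PHP < 5.4), "apple" arrives as \"apple\".
    // Undo that only when the setting is active, or genuine backslashes are lost.
    $term = trim($magicQuotesOn ? stripslashes($raw) : $raw);

    // Allow-list (assumed from the question): letters, digits, space, + - and ".
    if ($term === '' || strlen($term) > 100
        || !preg_match('/^[A-Za-z0-9 +\-"]+$/', $term)) {
        return null;
    }
    // An exact phrase needs both an opening and a closing quote.
    if (substr_count($term, '"') % 2 !== 0) {
        return null;
    }
    return $term;
}

// The term reaches MySQL as a bound parameter, never concatenated into the SQL.
// Assumes a FULLTEXT index on (title, body).
function search_articles(PDO $pdo, $term)
{
    $stmt = $pdo->prepare(
        'SELECT id, title FROM articles
         WHERE MATCH(title, body) AGAINST (:term IN BOOLEAN MODE)'
    );
    $stmt->execute(array(':term' => $term));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: what $_GET['search_field'] could hold with magic quotes on.
$samples = array('\\"apple pie\\"', '+apple -banana', '\\"apple', "apple's");
foreach ($samples as $raw) {
    $term = clean_search_term($raw, true);
    // Escape on output so the quotes display literally and cannot break the HTML.
    $shown = ($term === null) ? '(rejected)' : htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
    echo 'User term: ', $shown, "\n";
}
```

On PHP 5.4 and later, pass `false` for `$magicQuotesOn`, since the setting no longer exists and the request data arrives unmodified.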
