PHP: Passing URL Parameter in IF and ELSE statement

Question

I'm trying to pass an URL parameter in an IF and ELSE statement. This is how the initial code looks like with just the link and without the parameter:

 <?php 

    if ($row_checklist_finding_final['item_class'] == "Major")   
    {
        echo '<a href="UserNCR.php">Go to NCR</a>';
    }

    else
    {
        echo '<a href="UserOFI.php">Go to OFI</a>';
    }
?>

Usually when I'm trying to pass an URL parameter I use this code (this is without if and else statement:

<a href="UserNCR.php?item_id=<?php echo $row_checklist_finding_final['item_id']; ?>">
    Go to NCR
</a>

So what I did is, I use my usual way of putting the parameter in the link like this. The parameter name is item_id which is equal to value $row_checklist_finding_final['item_id']

<?php 
    if ($row_checklist_finding_final['item_class'] == "Major")   
    {
        <a href="UserNCR.php?item_id=<?php echo $row_checklist_finding_final['item_id']; ?>">Go to NCR</a>
    }

    else
    {
        '<a href="UserOFI.php">Go to OFI</a>';
    }
?>

I also tried removing the redundant <?php ?> like this:

  <?php 
    if ($row_checklist_finding_final['item_class'] == "Major")   
    {
        <a href="UserNCR.php?item_id= echo $row_checklist_finding_final['item_id'];">Go to NCR</a>
    }

    else
    {
        '<a href="UserOFI.php">Go to OFI</a>';
    }
?>

But there are still error. Did I use the wrong syntax? What should I do to pass the URL parameter in an IF and ELSE statement?

The sample is likely vulnerable to HTML injection/[cross-site scripting](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) and possibly produces invalid HTML in some cases. See "[How to prevent XSS with HTML/PHP?](https://stackoverflow.com/q/1996122/90527)" — outis, Aug 14 '17 at 03:29

score 0 · Accepted Answer · answered Aug 14 '17 at 02:38

Change your code like this below

<?php 
  if ($row_checklist_finding_final['item_class'] == "Major")   
  {
    echo ' <a href="UserNCR.php?item_id='.$row_checklist_finding_final["item_id"].'">Go to NCR</a>';
  }
  else
  {
    echo '<a href="UserOFI.php">Go to OFI</a>';
  }
?>

score 0 · Answer 2 · answered Aug 14 '17 at 02:46

You can use the . concatenation operator to join variables together, e.g. as suggested in https://stackoverflow.com/a/45666738/5233704

Another way is to use double quotes for your string as these allow inclusion of variables. Arrays need to be surrounded by curly brackets when doing this:

 <?php 
    if ($row_checklist_finding_final['item_class'] == "Major")   
    {
        echo "<a href=\"UserNCR.php?item_id={$row_checklist_finding_final['item_id']\">Go to NCR</a>';
    }
    else
    {
        echo '<a href="UserOFI.php">Go to OFI</a>';
    }
?>

Note that any double quotes inside your string need to be escaped with a backslash.

PHP: Passing URL Parameter in IF and ELSE statement

2 Answers2