0

I tried to filter some data from a MySQL table.

<?php
include ("connection.php");
$name = "cable";
$sql = "SELECT  * FROM stock WHERE item LIKE '%$name%'";
?>
<a target="_blank" href="test2.php?link=<?php echo $sql; ?>" >click</a>

I tried to get the SQL statement using the $_GET[link] from the next page (test2.php). Here's the code from TEST2.PHP

<?php    
include ("connection.php");   
$link = $_GET['link'];
echo $link;

Then the echo $link shows me a different value. It doesn't display "cable". Instead, it displays

SELECT * FROM stock WHERE item LIKE 'Êble%'

Can you tell me why CABLE became Êble?

Zac

2 Answers

0

It is not a good idea to pass an SQL statement in a URL. Please refer to the link below for reference: refer this

If you want to pass special characters through a URL, you can use,

urlencode($url);
Ayyanar G
0

As Ayyanar said, yes, it's not a good idea to pass a SQL query in a URL.

But if you still want to achieve that you can do something like this:

TEST1.PHP

<?php
$name = "cable";
$sql = "SELECT  * FROM stock WHERE item LIKE '%--$name--%'";
?>
<a target="_blank" href="test2.php?link=<?php echo $sql; ?>" >click</a>

TEST2.PHP

<?php
$link = $_GET['link'];    
$link = str_replace(
  array('%--', '--%'), 
  array('%', '%'), 
  $link
);
echo $link;
?>
Ruprit
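An added example, not code from the question or either answer: it sends only the search term in the link and keeps the SQL on the server as a prepared statement, which is the alternative both answers point toward. The `name` parameter, the `search_link` and `find_items` helpers, and the in-memory SQLite table are assumptions made so the sketch runs on its own; with the page's setup the PDO handle would come from connection.php.

```php
<?php
// Added example, not code from the posts above. Assumes the pdo_sqlite
// extension; the in-memory table and its rows are constructed sample data
// standing in for the MySQL handle that connection.php would provide.

// Link page (test1.php): put only the search term in the URL,
// percent-encoded for the query string and HTML-escaped for the attribute.
function search_link(string $name): string
{
    $href = 'test2.php?' . http_build_query(['name' => $name]);
    return '<a target="_blank" href="' . htmlspecialchars($href, ENT_QUOTES) . '">click</a>';
}

// Target page (test2.php): the SQL text stays on the server and the term is
// bound as a parameter, so the request can never supply SQL of its own.
function find_items(PDO $db, string $name): array
{
    // Escape LIKE wildcards so a typed % or _ matches literally.
    $term = preg_replace('/[!%_]/', '!$0', $name);
    $stmt = $db->prepare("SELECT item FROM stock WHERE item LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// What happened in the question: the unencoded "%ca" is read as one
// percent-escape (byte 0xCA, shown as Ê in Latin-1), leaving "ble%".
echo bin2hex(urldecode('%cable%')), "\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE stock (item TEXT)");
$db->exec("INSERT INTO stock VALUES ('usb cable'), ('cable tie'), ('100% cotton rag')");

foreach (['cable', '100%'] as $name) {
    echo search_link($name), "\n";
    // Simulate the request: decode the generated query string the way PHP fills $_GET.
    parse_str(http_build_query(['name' => $name]), $get);
    echo implode(', ', find_items($db, $get['name'])), "\n";
}
```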