Getting the values of the link using get variable in php

Question

I have a link in a php file which takes mke to another page. Here is the link:

 <?php  echo ' <a href="product_detail.php?marca='.$row["maname"].'">'?>

So I know that I can take the marca from this link using $_GET["marca"] in php. Now I want to output some categories but only them which marca is the same as $_GET["marca"]. I create this sql query but it outputs an error in the last row:

$sql0="SELECT  marche.marca as maname 
FROM marche
 WHERE maname=$_GET["marca"];
  ";

Have I done something wrong? Can someone tell me which is the right syntax to include get variable inside sql queries?Thanks!

Possible duplicate of [When to use single quotes, double quotes, and backticks?](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks) — Epodax, Sep 23 '16 at 10:24

score 1 · Answer 1 · answered Sep 23 '16 at 10:24

Your query seems to be okay except at one place.

$sql0="SELECT marche.marca as maname FROM marche WHERE maname=".$_GET["marca"];

But you should not depend on input ,you need to first sanitize it. e.g.,

$input = mysql_real_escape_string(trim($_GET["marca"]));

$sql0="SELECT marche.marca as maname FROM marche WHERE maname='$input'";

score -1 · Answer 2 · answered Sep 23 '16 at 10:27

-1

Since you try de put php in your request, you need to close the SQL request, do your action in php, then open again your SQL request, like that :

$sql0="SELECT marche.marca as maname 
FROM marche 
WHERE maname=" . $_GET["marca"] .";";

answered Sep 23 '16 at 10:27

a0umi

69
1
7

Getting the values of the link using get variable in php

2 Answers2