Why Do the Chars “on” and “search=+” Appear in My URL After Submitting a GET Method Form?
This is my form:
```
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<div align='center'>
<form method="GET" action="<?php echo $_SERVER['PHP_SELF'];?>?col=<?php echo "$col&search=$search&limit=$limit&page=1";?>">
<label for="search">Search</label>
<input type="text" name="search" id="search" required>
<br>
<label for="col">Search Type</label>
<input type="radio" name="col" id="keywords" required>Keywords
<input type="radio" name="col" id="keyphrase" required>Keyphrase
<br>
<label for="limit">Limit</label>
<select name="limit" id="limit">
<option value=""></option>
<option value="1">1</option>
<option value="10">10</option>
<option value="50">50</option>
<option value="100">100</option>
<option value="500">500</option>
<option value="1000">1000</option>
</select>
<br>
<button type="submit" name="search_links" id="search_links" value=" ">Search Links</button>
<br>
<button type="reset">Reset</button><br>
<br>
<br>
</form>
</div>
</body>
</html>
```
After submission I need the form to send the user to:
e.g.:
search= keywords go here
col= the mysql tbl column to query
limit= search result per page
Problem is, I get sent to:
Note the “col=on”. There is no MySQL table column called “on”, hence I get this error:
> Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'on = ?' at line 1 in C:xampphtdocstestpagination_2.php:90 Stack trace: #0 C:xampphtdocstestpagination_2.php(90): mysqli_stmt_prepare(Object(mysqli_stmt), 'SELECT COUNT(su…') #1 {main} thrown in C:xampphtdocstestpagination_2.php on line 90

Q1. Why does the browser show “col=on” and not “col=$col” (in this case “col=keywords”)?
Q2. Also, why does “search=+” get added to the URL? How do I get rid of it?
My code:
```
<?php
session_start(); // needed before $_SESSION can be read, unless a session is already started

// Identify the visitor: a logged-in member or a guest tagged by cookie.
if (isset($_SESSION['user_id']))
{
    $user_id = $_SESSION['user_id'];
    $user_type = 'member';
}
elseif (isset($_COOKIE['guest']))
{
    $user_id = $_COOKIE['guest']; // cookie value is supplied by the client
    $user_type = 'guest';
}
else
{
    die("Error 1: Invalid User!");
}

// Search term from the query string.
if (isset($_GET['search']) && is_string($_GET['search']))
{
    $search = $_GET['search'];
}
else
{
    die("Type your single Keyword or single Keyphrase!");
}

// 'col=search_type'. 'search_type' options: 1). Mysql Column:keywords; 2. Mysql Column:keyphrase.
if (isset($_GET['col']) && is_string($_GET['col']))
{
    $col = $_GET['col'];
}
else
{
    echo "Select Checkbox!";
    die("Select your search type to indicate whether you are searching for a single Keyword or a single Keyphrase!");
}
```
On the form, I selected “keywords” as the “col” to be queried:
```
<input type="radio" name="col" id="keywords" required>Keywords
<input type="radio" name="col" id="keyphrase" required>Keyphrase
```
Q3. How do I fix the following line to solve the issue?
```
<form method="GET" action="<?php echo $_SERVER['PHP_SELF'];?>?col=<?php echo "$col&search=$search&limit=$limit&page=1";?>">
```
Q4. I need to add security to the URL so no hacker can inject into the URL. Do I need to add urlencode to the above-mentioned code?
NOTE:
This is part of pagination code where you do a keyword search in the database. Hence, I need to use the $_GET method to have params in the URL.
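
An added example, not part of the original post, of the server-side handling that Q3 and Q4 ask about: `col` is checked against an allowlist (a column name cannot be a bound `?` parameter, which is how `on = ?` reached MariaDB), and pagination links are built with `http_build_query()` and `htmlspecialchars()`. It assumes the radio buttons are given `value="keywords"` and `value="keyphrase"` (a radio with no `value` attribute submits `on`); the table name `links`, the default limit of 10, the script path `/search.php` and the function names are hypothetical.

```php
<?php
// Added example, not the poster's code; `links` and the default limit are assumptions.
// Identifiers cannot be bound with "?", so the column comes from a fixed allowlist.
const SEARCH_COLUMNS = ['keywords' => 'keywords', 'keyphrase' => 'keyphrase'];
const PAGE_LIMITS = [1, 10, 50, 100, 500, 1000];

function validate_search_params(array $get): array
{
    $search = is_string($get['search'] ?? null) ? trim($get['search']) : '';
    $col = is_string($get['col'] ?? null) ? $get['col'] : '';
    $limit = filter_var($get['limit'] ?? '', FILTER_VALIDATE_INT);
    $limit = in_array($limit, PAGE_LIMITS, true) ? $limit : 10; // assumed default
    $page = max(1, (int) ($get['page'] ?? 1));
    if ($search === '') {
        throw new InvalidArgumentException('Missing search term');
    }
    if (!array_key_exists($col, SEARCH_COLUMNS)) {
        // A radio button with no value attribute arrives here as "on".
        throw new InvalidArgumentException('Unknown search type');
    }
    return ['col' => SEARCH_COLUMNS[$col], 'search' => $search,
            'limit' => $limit, 'page' => $page];
}

// The search text stays a bound parameter; only the vetted column is inlined.
function count_query(array $p): string
{
    return "SELECT COUNT(*) FROM links WHERE `{$p['col']}` = ?";
}

// http_build_query() encodes the values; htmlspecialchars() makes the URL attribute-safe.
function page_link(string $script, array $p, int $page): string
{
    $url = $script . '?' . http_build_query(['page' => $page] + $p);
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: the first entry is what the posted form sends.
$samples = [['search' => 'php', 'col' => 'on', 'limit' => ''],
            ['search' => 'a&b "c"', 'col' => 'keywords', 'limit' => '50']];
foreach ($samples as $get) {
    try {
        $p = validate_search_params($get);
        echo count_query($p), "\n", page_link('/search.php', $p, 2), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

A GET form replaces any query string in its `action` with its own fields, so the form only needs the script path there; `page_link()` is for the next/previous links.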