how to pass a variable thru URL in php

Question

Hi I am trying to pass a value from one file to another file via URL.

The way i do is: <a href='fund_view.php?idfund="<? echo $row['idfund']; ?>"'>

after all i get the right value in other file using

$aidi = $_GET['idfund'];

echo 'ID= '.$aidi;`

But the result i get is this format ID= \"10\"

the url after i pass the id looks like

http://example.com/fund_view.php?idfund="10"

and what i want the result to be is just ID="10".

Answer 1

Earlier versions of PHP (below 5.4) had an insanely counter-intuitive feature called "magic quotes" which automatically (and silently) escapes all GET/POST strings as if they were going to be used in a MySQL query.

It's relatively simple to reverse, just a headache when you're unaware that such a feature exists.

Solution 1: Turn off magic_quotes with ini_set

Sometimes you won't be able to use ini_set (restrictive host providers), so the following is the next best (and portable) solution that I've used:

NB: function provided on the get_magic_quotes_gpc function page

<?php
    function stripslashes_deep(&$value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    if (get_magic_quotes_gpc())
    {
        stripslashes_deep($_GET);
        stripslashes_deep($_POST);
    }

?> 

Answer 2

Change

<a href='fund_view.php?idfund="<? echo $row['idfund']; ?>"'>

to

<a href='fund_view.php?idfund=<? echo $row['idfund']; ?>'>

Also keep in mind that your code is quite unsecure... At least cast the parameter to int before using it:

$aidi = (integer) $_GET['idfund'];

Answer 3

Turn off magic_quotes in php.ini and you should get rid of those backslashes.