RaGe10940

Reputation: 667

$_GET not passing to SELECT query

I have a page with a hyperlink on it like so:

preview

When you click on A0000000 it redirects you to localhost/student.php?anum=A00000000

I have checked whether the actual number was being passed using

$get = $_GET['anum'];
echo $get;

This is what I get: Preview

I have done this multiple times before, but the one thing that has changed is that now I am using an inner join and WHERE clauses to make a specific search. What this search must do is:

  1. List a student whose counselorname is NOT NULL
  2. Where finished = 1
  3. And where the anum (student ID number) is equal to the anum in the URL, taken from $_GET['anum']

This is the select statement:

// read the id from the query string and run it through the sanitize filters
$anum = filter_input(INPUT_GET, 'anum', FILTER_SANITIZE_STRING);
$anum = filter_var($anum, FILTER_SANITIZE_NUMBER_INT);

try {
    // prepared statement: :anum is bound below, not interpolated
    $query = $dbh->prepare("SELECT * FROM inoffice INNER JOIN comments ON
                            inoffice.id = comments.id WHERE counselorname
                            IS NOT NULL AND finished = '1' AND anum = :anum");
    $query->bindParam(':anum', $anum);
    $query->execute();
    $result = $query->fetchAll();
} catch (PDOException $e) {
    error_log($e->getMessage());
    die($e->getMessage());
}

I have tried the same query just by putting anum = A0000000 directly, and it works flawlessly.

But when I try to do the above code I get an empty echoed table.

Any help would be awesome! - ty

EDIT 1: Thank you to cryptic. Removing the sanitizing part of the code (the filter and what not) made it all work. That was removing the A from the actual number part, so the query was not passing.

Upvotes: 1

Views: 303

Answers (2)

kittycat

Reputation: 15045

$anum = filter_var($anum, FILTER_SANITIZE_NUMBER_INT);

is stripping out the letter 'A'.

Per the documentation:

FILTER_SANITIZE_NUMBER_INT - Remove all characters except digits, plus and minus sign.

Upvotes: 10

Nicholas Ashley

Reputation: 1

$anum = filter_var($anum, FILTER_SANITIZE_NUMBER_INT);

You seem to be filtering an integer, which means the A0000000 will become 0; also it is a good idea to use mysql_real_escape_string on the variable to prevent SQL injection.

Upvotes: -3
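As an added example (not code from the question or from either answer), the PHP script below reproduces the failure and shows the approach a practitioner would take instead: validate the identifier's format with FILTER_VALIDATE_REGEXP and reject anything that does not match, rather than sanitizing it into a different value. It runs against an in-memory SQLite database with constructed rows; the column layout, the ID pattern (a single letter A followed by 7 to 9 digits) and the sample data are assumptions made for the demo. The bound parameter passed through prepare()/bindValue() is what protects the query against SQL injection; the sanitize filter contributes nothing to that, and mysql_real_escape_string belongs to the old mysql extension, which does not apply to a PDO connection at all.

```php
<?php
// Added example, not from the original post. Demonstrates:
//  1. FILTER_SANITIZE_NUMBER_INT silently rewrites "A00000000" to "00000000",
//     so the prepared query matches no rows.
//  2. Validating the expected format (assumed pattern: 'A' + 7..9 digits) and
//     rejecting everything else, then binding the value as a PDO parameter.
// Requires the pdo_sqlite extension. Table layout and rows are constructed.

declare(strict_types=1);

// The question's pipeline: everything but digits, '+' and '-' is removed.
function sanitizedAnum(string $raw): string
{
    return (string) filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
}

// Validate instead of sanitize: return the value unchanged if it matches the
// assumed ID format, or null so the caller can reject the request.
function validatedAnum(string $raw): ?string
{
    $ok = filter_var($raw, FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^A\d{7,9}$/']]);
    return $ok === false ? null : $ok;
}

// Constructed schema and sample rows, loosely modelled on the question's query.
function buildDb(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE inoffice (id INTEGER PRIMARY KEY, anum TEXT,
                                       counselorname TEXT, finished INTEGER)');
    $dbh->exec('CREATE TABLE comments (id INTEGER, body TEXT)');
    $dbh->exec("INSERT INTO inoffice VALUES
                (1, 'A00000000', 'Smith', 1),
                (2, 'A00000001', NULL,    1),
                (3, 'A00000002', 'Jones', 0)");
    $dbh->exec("INSERT INTO comments VALUES (1, 'seen'), (2, 'seen'), (3, 'pending')");
    return $dbh;
}

// Same shape as the question's query. The bound parameter is sent separately
// from the SQL text, so no escaping of $anum is needed on top of it.
function findStudent(PDO $dbh, string $anum): array
{
    $q = $dbh->prepare('SELECT inoffice.anum, counselorname, body
                        FROM inoffice INNER JOIN comments ON inoffice.id = comments.id
                        WHERE counselorname IS NOT NULL AND finished = 1 AND anum = :anum');
    $q->bindValue(':anum', $anum, PDO::PARAM_STR);
    $q->execute();
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

$dbh = buildDb();

// Three constructed inputs: the legitimate ID from the question, an injection
// attempt, and a value with the wrong shape.
foreach (['A00000000', "A00000000' OR '1'='1", '12345'] as $raw) {
    $stripped = sanitizedAnum($raw);
    $valid    = validatedAnum($raw);
    $rows     = $valid === null ? [] : findStudent($dbh, $valid);
    printf("input %-26s sanitized=%-12s validated=%-10s rows=%d\n",
        var_export($raw, true), $stripped, $valid ?? 'REJECTED', count($rows));
}
// Expected: the first input is sanitized to "00000000" (why the original query
// returned nothing) but validates and returns 1 row; the other two are rejected
// before any query runs.
```

Running it shows the point of the thread in one line: the sanitize filter turns the legitimate ID into a value that exists nowhere in the table, while the injection attempt is neither "neutralised" by the filter (it is merely mangled into more digits) nor dangerous to the prepared statement. Rejecting malformed input up front, and leaving the actual query safety to the bound parameter, keeps both properties honest.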
