CODEWITHSUNDEEP
phphtmlmysqlajax
tversluys
tversluys

Reputation: 13

PHP $_Get is not receiving querystring value

I'm creating a dropdown menu that sends a "country code" to PHP file which queries MySQL. This then generates an html table. Everything seems to work except that $_GET always receives nothing. Even when I hard code the querystring to a code. What am I missing?

HTML:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
     <title>Test</title>
     <script type="text/javascript">
         function showCountry(str) {
             if (str == "") {
              document.getElementById("SurveyContainer").innerHTML = "";
              return;
             }
            if (window.XMLHttpRequest) {
                // code for IE7+, Firefox, Chrome, Opera, Safari
                xmlhttp = new XMLHttpRequest();
            } 
            else {  // code for IE6, IE5
                xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
            }
            xmlhttp.onreadystatechange = function () {
                if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                    document.getElementById("SurveyContainer").innerHTML = xmlhttp.responseText;
                }
            }

            xmlhttp.open("GET", "getSurveys.php?q=" + str, true);
            xmlhttp.send();
        }
     </script>
</head>
<body>
    <select name="countries" onchange="showCountry(this.value)">
        <option value="">Select Country:</option>
        <option value="WW">WW</option>
        <option value="AU">AU</option>
        <option value="USA">USA</option>
    </select>

    <div id="SurveyContainer"><b>Survey table</b></div>
</body>
</html>

getSurveys.php:

<?php

//Get Country Code
$q = ( isset( $_GET['q'] ) && is_numeric( $_GET['q'] ) ) ? intval( $_GET['q'] ) :'WW';

$con = mysqli_connect('localhost','myusername','mypassword','mydatabase');

if (!$con) {
    die('Could not connect: ' . mysqli_error($con));
}

mysqli_select_db($con,"mydatabase");

$sql="SELECT * FROM tblSurveys WHERE country = '".$q."'";

$result = mysqli_query($con,$sql);

echo "<table class='surveytable'>";
echo "<tr><th width='61'>Country</th><th>Link To Join Paying Survey Panel Web Site</th><th>About Survey Panel</th><th width='93'>Survey Incentives</th></tr>";

while($row = mysqli_fetch_array($result)) {
    echo "<tr><td><b>$row[country]</b></td><td><a href='$row[link]' target='_blank'>$row[name]</a></td><td>$row[description] </td><td>$row[incentives]</td></tr>";
}

echo "</table>"; 

mysqli_close($con);

?>

Thanks in advance!

Upvotes: 1

Views: 1148

Answers (1)

jeroen
jeroen

Reputation: 91734

I am not exactly sure what value you are checking: $q or $_GET['q'], but the logic at the top of your php script is wrong:

$q = ( isset( $_GET['q'] ) && is_numeric( $_GET['q'] ) ) ? intval( $_GET['q'] ) :'WW';

You are checking for a numeric value and casting to an integer while the value of your query string is either nothing or a country code string.

So your actual $_GET['q'] value will never be used in your script.

You only need:

$q = isset( $_GET['q'] ) ? $_GET['q'] :'WW';

And then you would need a prepared statement (or mysqli_real_escape_string()...) to prevent sql injection.

Upvotes: 2

Related Questions