Replaced $HTTP_GET_VARS with $_GET, but not working

為{幸葍}努か 提交于 2019-12-25 12:42:27

问题


I have the following code, which is not working for me. I used to have $HTTP_GET_VARS instead of $_GET, but then updated to PHP 5, and now things are broken. Any thoughts on what I'm doing wrong here?

<?php
$_GET['SubCat'];
$_GET['Location'];
$db = mysql_connect("localhost", "xxxx", "xxxx");
mysql_select_db("outdoors",$db);
if ($Location) {
$result = mysql_query("SELECT ID, Longitude, URL, SiteName, Description FROM hunting WHERE SubCategory = '$SubCat' AND Location = '$Location' AND Status <> 'HIDDEN' ORDER BY SiteName",$db);
} else {
$result = mysql_query("SELECT ID, Longitude, URL, SiteName, Description FROM hunting WHERE SubCategory = '$SubCat' AND Status <> 'HIDDEN' ORDER BY SiteName",$db);
<More unrelated stuff after this>

The variable will be passed through a link like this :

hunting.php?SubCat=Hunting+Locations

回答1:


For your first question:

You must store it in any variable such like this

$SubCat = $_GET['SubCat'];
$Location = $_GET['Location']; 

Or refer to it directly.

For your second question:

Any idea on an easy way to change those two lines on several dozen files at one on my server?

Use a global search function to cover your entire directory. You find it in any of the popular editors. The search for $_GET['SubCat']; and replace it by $SubCat = $_GET['SubCat'];. Just make sure it is an unique name.

On a side note:

You donot use any type checking or input escaping and directly put it in your sql statement. IT IS VERY DANGEROUS. Please use PDO or at least an escaping function before you pass it to avoid SQL injection attacks



来源:https://stackoverflow.com/questions/5814996/replaced-http-get-vars-with-get-but-not-working

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!