We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

How do I pass Form GET variables into URL Segments?

April 09, 2011 8:51am

Subscribe [4]

  • #1 / Apr 09, 2011 8:51am

    bgarrant

    356 posts

    I am trying to figure out how I can pass 9 form GET variables from a form to a URL segment to be processed on a result page?  I have the form and results working using GET variable, but I would like a cleaner URL.  How can I do this?  When I pass the form to the result page now the url looks like:

    http://domain.com/index.php/search/results/?mls=123456&baths=3&Search=Search

    Right now, I am converting the GET variables to SESSION variables which may or may not be needed for the pagination module.  I figured it could be safer.  How do I adjust this to work with URL Segments, and then parse in the SQL Query?  Should I even use the Session variables?

    Sample Variable Retrieval on Result page

    if(isset($_GET['mls'])) {
    $mls = $this->EE->input->get('mls', TRUE);
    $_SESSION['mls'] = $mls;
}
else {
    $mls = $_SESSION['mls'];
}

if(isset($_GET['baths'])) {
    $baths = $this->EE->input->get('baths', TRUE);
    $_SESSION['beds'] = $baths;
}
else {
    $beds = $_SESSION['beds'];
}

    Sample Query that I will need to use URL Segments.

    {exp:query limit="10" paginate="both" sql="SELECT * FROM listings WHERE mls = '<?php echo $mls; ?>' AND baths >= '<?php echo $baths; ?>'"}

    Here is sample from the form

    <form action="http://domain.com/index.php/search/results/" method="get" name="search_listings">

<input name="mls" type="text" class="inputbigtext" />

select name="baths" class="inputbigtext">
    <option value="">Any</option>
      <option value="1">At least 1</option>
    <option value="2">At least 2</option>
    <option value="3">At least 3</option>
    <option value="4">At least 4</option>
    <option value="5">At least 5</option>
</select>

    Thanks,

    Bryan

  • #2 / Apr 10, 2011 11:17am

    giusi

    94 posts

    Maybe this session variables plugin coudl help you achive your goal easily?

  • #3 / Apr 10, 2011 2:39pm

    Rick Jolly

    729 posts

    The standard way to do this would be to:
    1. POST back to the same page and do validation.
    2. If validation fails, show errors.
    3. Else validation succeeded, so redirect to the results page with the data in the query string.

    Don’t use the session because you won’t be able to bookmark result pages. My rule with session variables is don’t use them unless you have no other choice.

  • #4 / Apr 10, 2011 8:58pm

    bgarrant

    356 posts

    I can’t seem to get the paginate EE function to work on search pages without using sessions.  I tried it without and it immediately fails when you go to page 2 or results.  Whether you are using GET or POST variables, the results pages do not carry the variables to other pages.  The URL drops the variables and just shows P20, P40, etc..  That is why I use the sessions.  Since I am using XSS filtering to sanitize form variables, am I pretty safe using this method from attacks?  There is not much to validate as most of the form gets values from a drop menu.  Should I be doing anything else?

  • #5 / Apr 10, 2011 9:26pm

    bgarrant

    356 posts

    Some of my other form drop menus look like this?  Is this best way for passing variables and displaying data from a MySQL database?  Does this look pretty safe?

    Form

    <select name="county" class="inputbigtext">
    <option value="%">Any</option>
    {exp:query sql="SELECT DISTINCT County FROM listings WHERE County != '' ORDER BY County ASC"}
    <option value="{County}">{County}</option>
      {/exp:query}
</select>

    Then I result page it looks like:

    if(isset($_GET['county'])) {
    $county = $this->EE->input->get('county', TRUE);
    $_SESSION['county'] = $county;
}
else {
    $county = $_SESSION['county'];
}

{exp:query limit="10" paginate="both" sql="SELECT * FROM listings WHERE County LIKE '<?php echo $county; ?>'"}

{paginate}
<div class="rows_pages2">
Page {current_page} of {total_pages} pages {pagination_links}

</div>
{/paginate}

  • #6 / Apr 11, 2011 12:58am

    Rick Jolly

    729 posts

    Preserving query strings with pagination:
    http://ellislab.com/forums/viewthread/152391/#738562
    http://blog.jeffbeck.info/?p=20

    Also, xss filtering and escaping database data are two different things. Always use mysql_real_escape_string() on database query inputs.

  • #7 / Apr 11, 2011 7:44am

    bgarrant

    356 posts

    Thank you so much Rick.  This is what I went with.  How does this look?

    Here is the form:

    <form action="http://domain.com/index.php/search/results/" method="get" name="search_listings">

<table width="400px" border="0">
    <tr>
            <td>County:</td>
            <td>
        <select name="county" class="inputbigtext">
        <option value="%">Any</option>
        {exp:query sql="SELECT DISTINCT County FROM listings WHERE County != '' ORDER BY County ASC"}
        <option value="{County}">{County}</option>
          {/exp:query}
        </select>
        </td>
      </tr>
    <tr>
            <td>Price Low:</td>
            <td>
        <select name="lowprice" class="inputbigtext">
        <option value="10000">$10,000</option>
                  <option value="20000">$20,000</option>
                  <option value="30000">$30,000</option>
                  <option value="40000">$40,000</option>
                  <option value="50000">$50,000</option>
                  <option value="60000">$60,000</option>
               </select>
        </td>
      </tr>
      <tr>
            <td>Price High:</td>
            <td>
        <select name="highprice" class="inputbigtext">
        <option value="10000">$10,000</option>
                  <option value="20000">$20,000</option>
                  <option value="30000">$30,000</option>
                  <option value="40000">$40,000</option>
                  <option value="50000">$50,000</option>
                  <option value="60000">$60,000</option>
                  <option value="70000">$70,000</option>
                  <option value="80000">$80,000</option>
                  <option value="90000">$90,000</option>
                  <option value="100000">$100,000</option>
                  <option value="110000">$110,000</option>
                  <option value="120000">$120,000</option>
                  <option value="130000">$130,000</option>
                  <option value="140000">$140,000</option>
                  <option value="150000">$150,000</option>
                  <option value="160000">$160,000</option>
                  <option value="170000">$170,000</option>
                  <option value="180000">$180,000</option>
                  <option value="190000">$190,000</option>
                  <option value="200000">$200,000</option>
        </select>
        </td>
      </tr>
      <tr>
            <td>MLS #:</td>
            <td><input name="mls" type="text" class="inputbigtext" /></td>
      </tr>
</table>

</form>

    Here is the results page.  Do I even need the if(isset() statements?  The URL string looks like this and work with pagination now.

    http://domain.com/index.php/search/results/P10?county=Lewis&school;=%&town;=%&proptype=Single+Family+Residential&lowprice=10000&highprice=350000&beds=1&baths=1&mls;=&Search=Search

    <?php

if(isset($_GET['mls'])) {
    $mls = $this->EE->input->get('mls', TRUE);
    mysql_real_escape_string($mls);
}

if(isset($_GET['lowprice'])) {
    $lowprice = $this->EE->input->get('lowprice', TRUE);
    mysql_real_escape_string($lowprice);
}

if(isset($_GET['highprice'])) {
    $highprice = $this->EE->input->get('highprice', TRUE);
    mysql_real_escape_string($highprice);
}

if(isset($_GET['county'])) {
    $county = $this->EE->input->get('county', TRUE);
    mysql_real_escape_string($county);
}
?>

{exp:query limit="10" paginate="both" sql="SELECT * FROM listings WHERE MLSNum = '<?php echo $mls; ?>' OR ((ListPr >= '<?php echo $lowprice; ?>' AND ListPr <= '<?php echo $highprice; ?>') AND County LIKE '<?php echo $county; ?>') ORDER BY ListPr ASC"}

{paginate}
<div class="rows_pages2">
Page {current_page} of {total_pages} pages 
{if previous_page}
    <a href="http://{auto_path}&lt?php" class='paginate-previous'> < Previous Page</a>  
  {/if}
 
  {if next_page}
    <a href="http://{auto_path}&lt?php" class='paginate-next'>Next Page ></a>
  {/if}


</div>
{/paginate}

  • #8 / Apr 11, 2011 1:58pm

    Rick Jolly

    729 posts

    A few things:

    1. No need for xss filtering because you aren’t displaying that data.
    2. mysql_real_escape_string() returns the escaped value so you use it like $value =  mysql_real_escape_string($value);
    3. You have to build your sql or you won’t get any results if, for example, mls number isn’t selected. So make $sql a php variable and add to it as you find not empty $_GET variables.
    4. Sql LIKE needs wild cards (%) before, after, or before and after. Like this: $country = mysql_real_escape_string(’%’ . $county . ‘%’);
    5. In addition to isset(), you’ll probably want to trim and check for empty values.

  • #9 / Apr 11, 2011 2:22pm

    bgarrant

    356 posts

    is this close to what you mean Rick?

    if(isset($_GET['mls']) AND $_GET['mls'] != "") {
    $mls = $this->EE->input->get('mls', TRUE);
    $mls = mysql_real_escape_string($mls);
    $mls = trim($mls);
}

  • #10 / Apr 11, 2011 2:26pm

    bgarrant

    356 posts

    Or is this better?

    if(isset($_GET['mls']) AND (!empty($_GET['mls']) {
    $mls = $this->EE->input->get('mls', TRUE);
    $mls = mysql_real_escape_string($mls);
    $mls = trim($mls);
}

  • #11 / Apr 11, 2011 2:43pm

    Rick Jolly

    729 posts

    Well, you don’t want to enter the conditional if trim($mls) == ‘’. Also, like I mentioned, xss filtering is unnecessary here.

    if(isset($_GET['mls']) AND trim($_GET['mls']) != '') {
    $mls = mysql_real_escape_string(trim($_GET['mls']);
    // Add mls to your sql query string
}

  • #12 / Apr 11, 2011 2:51pm

    bgarrant

    356 posts

    Thanks again Rick.

    What do you mean by “Add mls to your sql query string”?  I am using this for my SQL string.

    {exp:query limit="10" paginate="both" sql="SELECT * FROM listings WHERE MLSNum = '<?php echo $mls; ?>' OR ((ListPr >= '<?php echo $lowprice; ?>' AND ListPr <= '<?php echo $highprice; ?>') AND County LIKE '<?php echo $county; ?>') ORDER BY ListPr ASC"}

  • #13 / Apr 11, 2011 3:19pm

    Rick Jolly

    729 posts

    Just ask yourself: if no mls number exists, will your query return anything? Same with the other variables. You have to leave out conditionals in the sql if the variable is empty.

  • #14 / Apr 11, 2011 3:30pm

    bgarrant

    356 posts

    Do you mean something like this?  I am a bit confused on how to add this to SQL statement.

    if(isset($_GET['mls']) AND trim($_GET['mls']) != '') {
    $mls = mysql_real_escape_string(trim($_GET['mls']);
    $mlssql = "MLSNum = ‘<?php echo $mls; ?>’ OR" 
}  

if(isset($_GET['lowprice']) AND trim($_GET['lowprice']) != '') {
    $lowprice = mysql_real_escape_string(trim($_GET['lowprice']);
    $lowpricesql = "((ListPr >= ‘<?php echo $lowprice; ?>’ AND ListPr <= ‘<?php echo $highprice; ?>’) OR" 
} 

{exp:query limit=“10” paginate=“both” sql=“SELECT * FROM listings WHERE $mlssql $lowpricesql ORDER BY ListPr ASC”}

  • #15 / Apr 11, 2011 3:41pm

    Rick Jolly

    729 posts

    Something like that, yes. A couple errors to correct.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register