Question about spaces in query

RedBishop · October 24, 2013, 11:43am

Hi everyone,

I’m stuck on this - hopefully someone can help me. Thanks!
When a checkbox is selected a string (value) is added to the cityarray which is then used in a query. The problem appears to be the space between “new” and “york”. Used this way, the query no longer works. Single words work fine but not multiple words with spaces between them.

print'<form method="post" action="">
<input type="checkbox" name="new york" value=1>new york
<input type="submit" value="select">
</form>  ';

if (isset($_POST['new york'])) {
  $cityarray[] = "type = 'new york'";
}

cpradio · October 24, 2013, 11:52am

Using the name attribute for this seems odd to me and a bad design decision. Why didn’t you just use the value?

print'<form method="post" action="">
<input type="checkbox" name="city" value="new york">new york
<input type="submit" value="select">
</form>  ';

if (isset($_POST['city'])) { 
  // sanitize/validate before using it!
  $selectedCity = $_POST['city']; // if this is used in a query use mysql_real_escape_string or the correct variant for whatever you are using
  $cityarray[] = "type = '{$selectedCity}'"; 
}

RedBishop · October 24, 2013, 12:54pm

Hi there cpradio,

thank you for your help! That works a lot better - and thanks for your code comments about sanitization etc.