Home/ Questions/Q 4259010
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T05:43:34+00:00

I have a PHP page where I’m passing the city name via a city

  • 0

I have a PHP page where I’m passing the city name via a “city” URL/GET variable. Currently, it’s passing the actual city name even if it has spaces (eg .php?city=New York). I then take the $city GET variable and run a MySQL query against cities.name.

This works just fine – but I’ve always been under the impression any variables, URL/GET or otherwise should never have spaces. I’m more than capable of either replacing the spaces w/ underscores, or removing them, and putting them back in for the query…etc – but I thought I’d ask first in case spaces are completely fine, and it was just my superstition telling me otherwise.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Spaces are fine, and are generally encoded with +.

    To be extra safe, use urlencode() on your values if manually adding them to your GET params.

    echo urlencode('New York'); // New+York

    CodePad.

    Otherwise, if your form if submitting as GET params, just leave them as they are 🙂

    I then take the $city GET variable and run a MySQL query against cities.name.

    Make sure you are using the suitable database escaping mechanism to be safe from SQL injection.

    • 0