$_GET shows also another page - php

I've discoverd a bug into my script. I will try to explain it.
I've made 2 pages into category.php
This one here below shows all content related to a category:
/category.php?nameID=Test
When I go to the first content related to this category for example:
/category.php?nameID=Test&id=2 I receive information from MYSQL about post ID 2, also all posts related to that category named 'test' below. Which I clearly don't want to get. only the Post ID
<?php
// BEGIN OF SHOWING CONTENT PAGE
if (isset($_GET['id'])){
$naamID = mysql_real_escape_string($_GET['nameID']);
$id = mysql_real_escape_string($_GET['id']);
$idnext = $id + 1;
$gn = (" SELECT * FROM category WHERE name='".$naamID."'") or die(mysql_error());
$go = (" SELECT * FROM post WHERE id='".$id."'") or die(mysql_error());
$gnn = mysql_query($gn) or die(mysql_error());
$goo = mysql_query($go) or die(mysql_error());
$gnnn = mysql_fetch_array($gnn);
$gooo = mysql_fetch_array($goo);
?>
<?php
echo '<p>';
if(empty($gooo['youtube'])){
} else {
?> <h1> <?php echo htmlspecialchars($gooo["title"]); ?> </h1><br />
<?php
$fullurl1 = $gooo['youtube'];
$videoid1=substr($fullurl1,-11);
?>
<?php
echo '<p><i>Edit this post</i><br />';
echo '<iframe width="560" height="315" src="//www.youtube.com/embed/'.$videoid1.'" frameborder="0" allowfullscreen></iframe><br />';
echo '</p>';
}
if(empty($gooo['pic'])){
} else {
?> <h1> <?php echo htmlspecialchars($gooo["title"]); ?> </h1><br />
<?php
echo '<p><i>Edit this post</i><br />';
echo '<img src="'.$gooo["pic"].'" style="max-height: auto; max-width: 600px;"/><br></p>';
}
echo '</p>';
}
?>


I dont know what you exactly want please be specific
But your code should be like this ->
$gnn = mysql_query("SELECT * FROM category WHERE name='$naamID'") or die(mysql_error());
$goo = mysql_query("SELECT * FROM post WHERE id= $id ") or die(mysql_error());
$gnnn = mysql_fetch_array($gnn);
$gooo = mysql_fetch_array($goo);
The above code will fetch only one row from each table. Also you had put $id in single quotes that makes it a string
Comment below if you need more help

Related

Need to hide player

I'm trying to hide a youtube player when there is no yt id in the row/colum, I'm trying but don't know what i'm doing wrong. thank you very much
include 'config.php';
if (isset($_GET['id'])){
$naamID = mysql_real_escape_string($_GET['nameID']);
$id = mysql_real_escape_string($_GET['id']);
$idnext = $id + 1;
$gn = (" SELECT * FROM category WHERE nameID='".$nameID."'") or die(mysql_error());
$go = (" SELECT * FROM post WHERE id='".$id."' and youtube='".$id."'") or die(mysql_error());
$gnn = mysql_query($gn) or die(mysql_error());
$goo = mysql_query($go) or die(mysql_error());
$gnnn = mysql_fetch_array($gnn);
$gooo = mysql_fetch_array($goo);
// down here is the problem
if(!empty($gooo)){
echo 'no video player';
} else {
echo '<h1> '.$gooo["title"].'</h1><br />';
echo '<iframe width="560" height="315" src="//www.youtube.com/embed/'.$gooo["youtube"].'" frameborder="0" allowfullscreen></iframe><br />';
}

The function empty returns true if the variable is empty so remove !.
if(empty($gooo)){
echo 'no video player';
} else {
echo '<h1> '.$gooo["title"].'</h1><br />';
echo '<iframe width="560" height="315" src="//www.youtube.com/embed/'.$gooo["youtube"].'" frameborder="0" allowfullscreen></iframe><br />';
}

show all images in my products page from a selected category when a category link is selected- php Mysql

I want to show all images in my products page from a selected category when a category link is selected. My database table has 'id', 'name', 'size', 'category_id', 'image_path'. My uploading of images and saving to database and to a selected category all work correctly, I have a page where I can delete from database and that works correctly. My products.php file is below and I need assistance if some one can help.
<?php
require_once ("Includes/session.php");
require_once ("Includes/simplecms_config.php");
require_once ("Includes/connectDB.php");
include("Includes/header.php");
confirm_is_admin();
?>
<section>
<?php
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$category_id = $_GET['category_id'];
$query = mysqli_query($databaseConnection, "SELECT * FROM products WHERE category_id = '".$category_id."'");
echo '<div id="main_products">';
echo '<h1 style="margin-left: 85px;">Golf '.$category_id.'</h1><br /><br />';
$row_count = mysqli_num_rows($query);
if ($row_count == 0) {
echo '<p style="color:red">There are no images uploaded for this category</p>';
} elseif ($query) {
echo '<table style="text-align:center;">';
while($prod = mysqli_fetch_array($query))
{
echo '<tr><td>';
$file = $prod['/Golfsite/uploads/'];
$name = $prod['name'];
$id = $prod['id'];
$category_id = $prod['category_id'];
$image_path = $prod['image_path'];
echo '<img src="'.$file.'" height="150" width="175" margin="10" float="center" border="0" title="'.$name.'" />';
echo '</td></tr>';
}
echo '</table>';
}
else
{
die('There was a problem with the query: ' .$query->error);
}
?>
</div>
</section>
<br />
<?php
include ("Includes/footer.php");
?>

first check ur $_GET['category_id'] value , what is coming in this variable and if this is picking right category value then go and echo ur sql query and run this query into ur mysql database and see the result .if the result set is coming properly then the query is right otherwise there is problem in between these 2 cases.

Mysql Field Data not displaying when a link is clicked?

I'm trying to get data from a database if a link is clicked.
I used the example codes suggested from this example -Getting mysql field data when a link is clicked?
But it doesn't work when I click on a link nothing comes up.
main.php
<?php
include('conn.php');
$sql2 = "SELECT Title FROM addpromo";
$result2 = mysql_query($sql2);
echo "<div id=\"links\">\n";
echo "<ul>\n";
while ($row2 = mysql_fetch_assoc($result2)) {
echo "<li> <a href=\"fullproject.php?title=\""
. urlencode($row2['Title']) . "\">"
. htmlentities($row2['Title']) . "</a>\n</li>";
}
echo "</ul>";
echo "</div>";
?>
This is displaying correct.but when I click at a link nothing is showing up in fullproject.php, Just a blank page.
fullproject.php
<?php
// Connect to server.
include('conn.php');
$projectname = isset($_GET['Title']);
$sql1 = "SELECT Title FROM addpromo WHERE Title = '$projectname'";
$result1 = mysql_query($sql1);
while ($row1 = mysql_fetch_assoc($result1)) {
echo "Project Name: " . $row1['Title'] . "<br />";
echo "<br /> ";
}
?>
Can someone help me to fix this, or any other way to make this(to get data from a database if a link is clicked) possible?

Change to this
main.php
<?php
include('conn.php');
$sql2="SELECT Title FROM addpromo";
$result2=mysql_query($sql2);
echo '<div id="links">';
echo '<ul>';
while($row2 = mysql_fetch_assoc($result2)){
echo '<li>'.htmlentities($row2['Title']).'</li>';
}
echo '</ul>';
echo '</div>';
?>
fullproject.php
<?php
if(isset($_GET['title'])){
include('conn.php');
$projectname= $_GET['title'];
$sql1="SELECT Title FROM addpromo WHERE Title = '$projectname'";
$result1=mysql_query($sql1);
while($row1 = mysql_fetch_assoc($result1)) {
echo "Project Name: " . $row1['Title']. "<br />";
echo "<br /> ";
}
}
?>

This is storing a boolean value $projectname= isset($_GET['Title']);, whether or not the title is set. Instead use $projectname = $_GET['Title'];

isset returns a boolean value (true/false) and you want the actual value of the variable:
$projectname= $_GET['title'];
Furthermore, you have to pass only the title as the URL parameter, without enclosing it within quotes. So there is an error in this line:
echo "<li> <a href=\"fullproject.php?title=" . urlencode($row2['Title']) . "\">"
Note the lack of \" after title=

mysql_fetch_assoc to echo linked table results with php

Using php, I am trying to link results from 3 tables that are connected by a same value. I would then like each dynamic set of related results to repeat as a while loop on the page. This is the result I would like:
artist->
series1->piece1, piece2
series2->piece3, piece4
Artists and series tables share a matched column named 'artist'. Series and piece table have a matched column name 'series'. I know these tables are linked through this same matched value in the database as on another page cascade delete is working.
Currently it only shows the series as an echo repeat loop but with no artist or piece related on either side. Like so: http://www.exhibitjewellery.com/artistindex.php
Whether a mysql_fetch_assoc is the right way, I am not sure. I am confused as to whether the tables are linking correctly at all or if the problem is how I have divided the body section for formatting. I have a feeling a multidimensional array may help or even nesting the tables but I haven't quite grasped how all the details combine throughout each section of the code. Please help!
PHP above the head:
<?php
mysql_select_db($database_connectmysql, $connectmysql);
$query_artistrecordset = "SELECT * FROM artists ORDER BY artist ASC";
$artistrecordset = mysql_query($query_artistrecordset, $connectmysql) or die(mysql_error());
$row_artistrecordset = mysql_fetch_assoc($artistrecordset);
$totalRows_artistrecordset = mysql_num_rows($artistrecordset);
mysql_select_db($database_connectmysql, $connectmysql);
$query_seriesrecordset = "SELECT * FROM series, artists WHERE series.artist=artists.artist ORDER BY exhibition ASC";
$seriesrecordset = mysql_query($query_seriesrecordset, $connectmysql) or die(mysql_error());
$resultseries = mysql_query($query_seriesrecordset);
$row_seriesrecordset = mysql_fetch_assoc($resultseries);
$totalRows_seriesrecordset = mysql_num_rows($seriesrecordset);
mysql_select_db($database_connectmysql, $connectmysql);
$query_piecerecordset = "SELECT * FROM pieces,series WHERE pieces.piece=series.series ORDER BY piece ASC";
$piecerecordset = mysql_query($query_piecerecordset, $connectmysql) or die(mysql_error());
$resultpiece = mysql_query($query_piecerecordset);
$row_piecerecordset = mysql_fetch_assoc($resultpiece);
$totalRows_piecerecordset = mysql_num_rows($piecerecordset);
?>
This is how I have tried to echo it in the body:
<div id="serieslist" align="right">
<?php echo $row_artistrecordset['artist']; ?><br />
<?php echo $row_artistrecordset['website']; ?><br />
<?php echo $row_artistrecordset['artist_statement']; ?><br />
<?php do { ?>
<?php echo $row_seriesrecordset['series']; ?><br />
<?php echo $row_seriesrecordset['exhibition']; ?><br />
<?php echo $row_seriesrecordset['series_statement']; ?><br />
<?php do { ?>
<?php echo $row_piecerecordset['piece']; ?><br />
<?php echo $row_piecerecordset['description']; ?><br />
<?php echo $row_piecerecordset['category']; ?><br />
<?php echo $row_piecerecordset['dimensions']; ?><br />
<?php echo $row_piecerecordset['price']; ?><br />
add to collection button<br />
<?php } while ($row_piecerecordset = mysql_fetch_assoc($resultpiece)); ?>
<?php } while ($row_seriesrecordset = mysql_fetch_assoc($resultseries)); ?>
</div>
</body>
</html>
<?php
mysql_free_result($artistrecordset);
mysql_free_result($seriesrecordset);
mysql_free_result($piecerecordset);
?>
Any help would be greatly appreciated as I have been working on this for days!

Working from your code, here's a version converted to mysqli, with some of the redundant lines removed. I haven't been able to test this, so a little debugging might be required.
<?php
$connectmysql = mysqli_connect("dbhost","dbuser","dbname","dbname") or die("Database error:".mysqli_connect_error);
$query_artistrecordset = "SELECT * FROM artists ORDER BY artist ASC";
$artistrecordset = mysqli_query($connectmysql, $query_artistrecordset) or die(mysqli_error);
$query_seriesrecordset = "SELECT * FROM series, artists WHERE series.artist=artists.artist ORDER BY exhibition ASC";
$seriesrecordset = mysqli_query($connectmysql, $query_seriesrecordset ) or die(mysqli_error);
$query_piecerecordset = "SELECT * FROM pieces,series WHERE pieces.piece=series.series ORDER BY piece ASC";
$piecerecordset = mysqli_query($connectmysql, $query_piecerecordset) or die(mysqli_error);
echo "<div id="serieslist" align="right">"
while ($row_artistrecordset = mysqli_fetch_assoc($artistrecordset)) {
echo $row_artistrecordset['artist'],"<br>";
echo $row_artistrecordset['website'],"<br>";
echo $row_artistrecordset['artist_statement'],"<br>";
while ($row_seriesrecordset = mysqli_fetch_assoc($seriesrecordset)) {
echo $row_seriesrecordset['series'],"<br>";
echo $row_seriesrecordset['exhibition'],"<br>";
echo $row_seriesrecordset['series_statement'],"<br>";
while ($row_piecerecordset = mysqli_fetch_assoc($piecerecordset)) {
echo $row_piecerecordset['piece'],"<br>";
echo $row_piecerecordset['description'],"<br>";
echo $row_piecerecordset['category'],"<br>";
echo $row_piecerecordset['dimensions'],"<br>";
echo $row_piecerecordset['price'],"<br>";
echo "add to collection button<br />";
} // end of pieces
} // end of series
} //end of artists
mysqli_free_result($artistrecordset);
mysqli_free_result($seriesrecordset);
mysqli_free_result($piecerecordset);
echo "</div>";
?>
</body>
</html>

Firs I recommend you use object oriented PHP. Keep this on a separate, secure page called db.php, or something:
//db.php
<?php
function db(){
return new mysqli('replaceWithHostName', 'relaceWithUserName', 'replaceWithPassWord', 'replaceWithDatebaseName');
}
?>
Now for your other page:
//other.php
<?php
include('db.php'); $db = db(); $nr = 'No Results Were Found'; $od = '<div>'; $cd = '</div>'; $br = '<br />'; $ar = $sr = $pr = '';
$artistrecordset = $db->query('SELECT * FROM artists ORDER BY artist ASC');
if(!$artistrecordset)die($db->error);
if($artistrecordset->num_rows > 0){
while($row_ar = $artistrecordset->fetch_assoc()){
$ar .= $od.$row_ar['artist'].$br.$row_ar['website'].$br.$row_ar['artist_statement'].$cd;
}
$artistrecordset->free();
}
else){
die($nr);
}
$seriesrecordset = $db->query('SELECT * FROM series, artists WHERE series.artist=artists.artist ORDER BY exhibition ASC');
if(!$seriesrecordset)die($db->error);
if($seriesrecordset->num_rows > 0){
while($row_sr = $seriesrecordset->fetch_assoc()){
$sr .= $od.$row_sr['series'].$br.$row_sr['exhibition'].$br.$row_sr['series_statement'].$cd;
}
$seriesrecordset->free();
}
else){
die($nr);
}
$piecerecordset = $db->query('SELECT * FROM pieces,series WHERE pieces.piece=series.series ORDER BY piece ASC');
if(!$piecerecordset)die($db->error);
if($piecerecordset->num_rows > 0){
while($row_pr = $piecerecordset->fetch_assoc()){
$pr .= $od.$row_pr['piece'].$br.$row_pr['description'].$br.$row_pr['category'].$br.$row_pr['dimensions'].$br.$row_pr['price'].$cd;
}
$piecerecordset->free();
}
else){
die($nr);
}
$db->close();
$head = '<html><head></head><body>'; //this could be your other info
echo "$head<div id='serieslist' align='right'>$ar$sr$pr$cd".
"<script type='text/javascript'>/*you should put your JavaScript here*/</script>".
'</body></html>';
?>
Really, you should use an external src for your JavaScript so it's cached. Sorry, if the format is hard to read. Use the scrollbars.

You missed to write while loop for $row_artistrecordset as you did also for others, see your code there are only two loops.

First try this query in something like phpMyAdmin to see if it gets the result you want.
SELECT *
FROM artists a
JOIN series s ON s.artist = a.artist
JOIN pieces p ON p.series = s.series
ORDER BY a.artist;
Then process the single result like this.
mysql_select_db($database_connectmysql, $connectmysql);
$q = "SELECT * FROM artists a
JOIN series s ON s.artist = a.artist
JOIN pieces p ON p.series = s.series
ORDER BY a.artist";
$result = mysql_query($q, $connectmysql) or die(mysql_error());
foreach ( $row = mysql_fetch_assoc($result) ) {
echo $row['artist'] . '<br />';
echo $row['website'] . '<br />';
echo $row['artist_statement'] . '<br />';
echo $row['series'] . '<br />';
echo $row['exhibition'] . '<br />';
echo $row['series_statement'] . '<br />';
echo $row['piece'] . '<br />';
echo $row['description'] . '<br />';
echo $row['category'] . '<br />';
echo $row['dimensions'] . '<br />';
echo $row['price'] . '<br />';
echo ' add to collection button<br />';
}
Ok you should also use mysqli or PDO as the mysql extension is now deprecated, but without changing everything and its not a like for like just add a i conversion, you could try this as an interim solution.

Showing delete link for comments posted by the logged in users only in PHP

I have a page which shows the comments posted by all users. Here I need to show a delete link on the side of the comments posted by that current logged in user and he should be able to delete that comment too (like in Facebook, Orkut or any Blogging site). The sample code which I have tried is:
<?php
$user_id = 1;
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("blog", $con);
$result = mysql_query("SELECT * FROM replies");
while($row = mysql_fetch_array($result))
{
$replies = $row;
if($replies['poster_id' == $user_id]){
$delete = 'Delete';
}
echo $replies['poster_id']?></a> ¦ <?php echo $replies['reply_text']?> ¦ <?php echo $delete?></div>
<?php echo "<br />";
}
mysql_close($con);
?>
Here I have given the user_id which is hardcoded here.
What I got is, delete link is displayed on all comments. I need to display delete link for user_id with "1" only.
Can anyone suggest me to get the solution...Thanks in Advance...

<?php
if (isset($_GET['reply'],$_GET['where']))
$result=mysql_query("Delete FROM $replies WHERE entry_id = '$_GET['reply']'");
$username = $session->username;
$result=mysql_query("SELECT * FROM $replies WHERE entry_id = '$id' ORDER by reply_id DESC");
while ($i = mysql_fetch_array($result))
{
$replies = $i;
if ($replies['poster_id'] == $username){
$delete = 'Delete';
}
?>
<div>
<div><a href="profiles/<?php echo $replies['poster_id']?>">
<?php echo $replies['poster_id']?></a> ¦ <?php echo $replies['post_time']?> ¦ <?php echo $delete?></div>
<div><?php echo $replies['reply_text']?></div>
</div><br/><br/>
<?
}

I know this is kind of old, and probably already well taken care of, but you forgot a ; after $delete
<?php echo $delete?>
should be
<?php echo $delete; ?>

Categories