Add page in Concrete5 - php

I am trying to add page via code in Concrete5(CMS).
$parentPage = Page::getByPath("/hotel");
$ct = CollectionType::getByHandle("products");
$data = array();
$data['cName'] = 'New Page';
$data['cDescription'] = 'Description here';
$newPage = $parentPage->add($ct, $data);
But I get MySql error:
mysql error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1] in EXECUTE("select max(cDisplayOrder) from Pages where cParentID = LIMIT 1")
And also How can I add an Attribute when created page??


The SQL error implies to me that the $parentPage wasn't instantiated properly. C5 is confusing in that the Page::getBy...() and a few others will return an object even if the page doesn't exist -- it's your responsibility to check it for errors.
Are you expecting that /hotel exists? You have to create it first. You should var_dump($parentPage) after you've loaded it.

Related

Update query gives Mariadb version error

if (isset($_POST['update'])) {
$column=(isset( $_POST['column']));
$type= (isset($_POST['type']));
$value= (isset($_POST['value']));
mysql_query("UPDATE `combo1` SET column = '$column', type = '$type' ,value ='$value' WHERE id = '$id'");
}
The update query is not working I am not getting what is the solution please help me to overcome this problem
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 'column = '', type = '' ,value ='' WHERE id = '20'' at line 1

isset() method returns boolean value change like this
$column = isset( $_POST['column']) ? $_POST['column']:"";
Same for others

Modify your code as follows:
if (isset($_POST['update'])) {
$column = $_POST['column'];
$type = $_POST['type'];
$value = $_POST['value'];
mysql_query("UPDATE `combo1` SET column = '$column', type = '$type' ,value ='$value' WHERE id = '$id'");
}
If you remove the isset() method (refer to this link if you want more about the isset() method) as I have given above, the texts inside $column, $type and $value are substituted directly into the update string.
Update string does not contain any syntax errors in this case. Refer to this link if you want more information.
I also recommend you read up on SQL injection, as this sort of parameter passing is prone to hacking attempts if you do not sanitize the data being used:
MySQL - SQL Injection Prevention

The error message has virtually nothing to do with the 'version'. It is a syntax error complaining about "column". That word is a reserved word. Since you seem to have called the column column, put backtics around it, just as you did for the tablename.

mysqli_query($link,"UPDATE combo1 SET column='$column',type = '$type',value='$value' WHERE id ='$id'")
or die(mysqli_error($link));

Delete from table where id in (*php variable*) returns error

I working in a php application where I must delete the selected items from a list where each item haves their own ID from mysql database, everything goes ok until execute the query in php.
This is the error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5
this is the String that I execute in the query:
$queryDE = "delete from md5_agenda
where id_empresa = $empi
and id_unidade = $unii
and id_usuario = $usrr
and id_item_agenda in ($deletar);"
The variable $deletar receives their value from post method and their value is like: 35,36,47,... and can be one ore many different values
But my problem is if I change $deletar for the exactly values everything goes fine, but if I use the php variable with THE EXACTLY SAME VALUE it doesn't work and returns the previous error message, I have no more ideas about what to do... I wanna keep in this way where I can choose all IDs that I want delete, without repeat the query.
Thanks.
edit:

foreach($deletar as $val)
{
$queryDE = "delete from md5_agenda
where id_empresa = $empi
and id_unidade = $unii
and id_usuario = $usrr
and id_item_agenda = $val;"
}
your code is not working because $deleter is return multiple value.
check code it's working.

Why don't you use a safe parametrized query?
$db =new PDO('... your connection string ... ');
$stmt = $db->prepare("delete from md5_agenda
where id_empresa = :empi
and id_unidade = :unii
and id_usuario = :usrr
and id_item_agenda in (:deletar);");
$stmt->execute(array(
':empi' => $empi,
':unii' => $unii,
':usrr' => $usrr,
':deletar' => $deletar
)
);

PHP: query function erron executing update query string

I have a problem with a query. This query works with phpMyAdmin, but I have an error when this query is execute by PHP. What could be the reason?
My PHP code is:
var_dump($sql);
query($sql);
when I debug:
this is the query string:
UPDATE searchcolumnsets SET name = "Project X",jsonfields = "[{\"name\":\"cm:contentPropertyName\",\"title\":\"Thumbnailed Content Property Name\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:defaultHomeFolderPath\",\"title\":\"Percorso cartella homepage\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"trx:enabled\",\"title\":\"Abilitato\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:identifier\",\"title\":\"Identificativo\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:expiryDate\",\"title\":\"Data di scadenza\",\"description\":\"Data di scadenza\",\"datatype\":\"d:date\"},{\"name\":\"cm:hits\",\"title\":\"Conteggio\",\"description\":\"Conteggio\",\"datatype\":\"d:int\"}]" WHERE id = 50
this is the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name":"cm:contentPropertyName","title":"Thumbnailed Content Property Name","desc' at line 1

you may use single qoute instead.
try this
UPDATE searchcolumnsets SET name = 'Project X',jsonfields = '[{\"name\":\"cm:contentPropertyName\",\"title\":\"Thumbnailed Content Property Name\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:defaultHomeFolderPath\",\"title\":\"Percorso cartella homepage\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"trx:enabled\",\"title\":\"Abilitato\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:identifier\",\"title\":\"Identificativo\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:expiryDate\",\"title\":\"Data di scadenza\",\"description\":\"Data di scadenza\",\"datatype\":\"d:date\"},{\"name\":\"cm:hits\",\"title\":\"Conteggio\",\"description\":\"Conteggio\",\"datatype\":\"d:int\"}]' WHERE id = 50

Getting error when pages are being requested

I had someone build out a custom CMS for a small site and now I can't get a hold of the developer. I get this error when trying to view my site:
You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version
for the right syntax to use near 'order by sortorder' at line 1:
select path, title
from pages
where parent_id =
order by sortorder
After some help I was able to I think pin point where the problem is:
public function getChildLinks()
{
$list = array();
$WHERE_path = substr($_SERVER['REQUEST_URI'], 1);
$WHERE_path = strlen($WHERE_path) ? '= "'.$WHERE_path.'"' : 'IS NULL';
$parentPageRowset = Axl_Db::query('SELECT id, parent_id FROM '.$this->_name.' WHERE path '.$WHERE_path);
$parent_id = $parentPageRowset[0]['parent_id'] ? $parentPageRowset[0]['parent_id'] : $parentPageRowset[0]['id'];
$listRowset = new Axl_Db_Rowset('SELECT path, title FROM '.$this->_name.' WHERE parent_id = '.$parent_id.' ORDER BY sortorder');
while($listRowset->next())
{
$list['/'.$listRowset->path] = $listRowset->title;
}
return $list;
}
This is the function causing the problem.

The issue is with your WHERE clause; it has parent_id = but nothing following. You need to provide a value into the query.

More than likely the CMS needs a GET var in the url in order for the mysql statement to work.

Well after getting great feed back from Adam I was able to really pin point what file I needed to fix and or look into a little deeper.
It turns out that I needed to quote out the parent_id variable
like so:
$listRowset = new Axl_Db_Rowset('select path, title from '.$this->_name.' where parent_id = "'.$parent_id.'" order by sortorder');
Thanks Adam for your help

Inserting embed code in database PHP issue

hey, I'm trying to insert an embed code in my database, and it's giving me this error
Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001',
type = 'stream',
embed = '<object width=\"500\" he' at line 1
now this is the code i'm using :
$sql = "INSERT INTO videos SET
title = '".mysql_escape_string($title)."',
urltitle = '".slug(mysql_escape_string($title))."',
description = '',
category = 'streams',
first_img = '".mysql_escape_string($imgurl)."',
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
type = 'stream',
embed = '".mysql_escape_string($embed)."',
last_updated = '".date("Y-m-d")."',
date_added = '".date("Y-m-d")."'";
anyone see any problems?
Thanks!

You should use mysql_real_escape_string()
and you should apply it on the whole value for full security and better readability.
In your case, you have an extra ' here:
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
----------------------------------^

Categories