My database fields are not populating but the page is confirming that it exists. So the first SQL is working, but the second is not pulling the info. If i take the page check out. It doesn't find the page and redirects to page_not_found. Am I going about this correctly? What am i doing wrong here?
//get page url and query db
$this_page = $_GET['page'];
$this_page = escape_data($_GET['page']);
//Make sure page exist
$SQL_page_exist = "SELECT page_title FROM learn_more WHERE page_title = '$this_page'";
$SPE_result = mysql_query($SQL_page_exist);
if(mysql_num_rows($SPE_result) == 0)
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=page_not_found.php">';
}
else {
$SQL =
"SELECT * FROM learn_more AS lm
INNER JOIN learn_more_to_reference_key AS lmtrk
ON lm.id = lmtrk.learn_more_id
INNER JOIN reference_keys AS rk
ON rk.keys_id = lmtrk.reference_key_id
WHERE page_title = '$this_page'";
$result = mysql_query($SQL);
while ($db_field = mysql_fetch_assoc($result));
{
$id = $db_field['ID'];
$main_title = $db_field['main_title'];
$main_content = $db_field['main_content'];
$reference_keys = $db_field['keys_href'];
$sub_title = $db_field['sub_title'];
$sub_content = $db_field['sub_content'];
}
}
mysql_close($dbc);
You should remove the semi-colon after your while statement since it won't execute the following enclosure (meaning your query is fine, but the while statement is invalid).
Also, I'm not sure, but the statement:
$id = $db_field['ID'];
Might generate an error if the mysql field is 'id' (lowercase). While MySQL isn't (usually) case sensitive, php array keys are, so it may be that the key is only available as 'id' and not 'ID'...
Turns out that an empty field from a relational db table (just 1 black field) which is set to not null was causing this undefined break error.. ON ALL PAGES except the home page..
Thank you to all the people who tried to help me.
Related
What's wrong with the following syntax:
if( isset($_POST['save_changes']) ) {
// Get current id of customer
$currentID = $_GET['id'];
// Get Input Values
$newfirstName = validateInputData($_POST['first_name']);
$newlastName = validateInputData($_POST['last_name']);
$newemail = validateInputData($_POST['email']);
$newphone = validateInputData($_POST['phone_number']);
$newaddressOne = validateInputData($_POST['address_one']);
$newaddressTwo = validateInputData($_POST['address_two']);
$newcounty = validateInputData($_POST['county']);
$newcity = validateInputData($_POST['city']);
$newzipCode = validateInputData($_POST['zip_code']);
$newprovince = validateInputData($_POST['province']);
$newstate = validateInputData($_POST['state']);
// Queries
$query = "UPDATE customers
SET
first_name='$newfirstName',
last_name='$newlastName',
email='$newemail',
phone='$newphone'
WHERE id='$currentID'
";
$conn->query($query) or die($conn->error.__LINE__);
$query = "UPDATE addresses
SET
address_one='$newaddressOne',
address_two='$newaddressTwo',
county='$newcounty',
city='$newcity',
province='$newprovince',
zip_code='$newzipCode',
state='$newstate'
WHERE customer_id='$currentID'
";
$conn->query($query) or die($conn->error.__LINE__);
// Bring user back to index
header("Location: index.php?alert=savechanges");
// Close connection to database
$conn->close();
}
the above query runs fine, but the row is not updated. all the field names are appropriate. When the query is tried in phpMyAdmin, row updated.
Please help, thank you.
Your validateInputData() function is not doing any validation. Hopefully it's doing some escaping, implying that you are assuming global scope for your database connection object. You didn't tell us what type of database object this is. Your error checking is poor. You don't do an explicit exit after the redirect.
Apart from that the sql looks ok.
I am trying to grab ad code from my database and echo it on to the page, but for some reason it is not showing up?
$getad = ("SELECT * FROM ads WHERE place='non-mobile' AND who='adbrite' ");
while($rows = mysql_fetch_array($getad))
{
$code = $rows['code'];
}
$ad1 = $code;
later down the page i print it like this.
<?php print $ad1 ?>
I think your problem is that you don't actually execute the query, you just have saved it in a variable ($getad) and then try to do a fetch af an array containing a string as I see it. If I remeber correctly you have to save you query in a variable, as you did, and then type
$getad = "SELECT * FROM ads WHERE place='non-mobile' AND who='adbrite' ";
$q = $db->query($getad);
// generate results:
while ($q->fetchInto($row)) {
//display or store
}
You should also include checks, for example that this code has extracted at least one row, or that database connection is working, etcetera.
First stackoverflow question ever woot!
FUNCTION : To check and see if data exist before allowing INSERT - trying to make it non-case senstive and as open as possbile since the title I'm trying to avoid a dup is only for a specifc artistid (explained below)
The table row structure is as follows
id (auto_increment)
artist (specfic id number only assigned to that artist)
title (what we are trying to make sure we don't get a dupicate only for this artist
ISSUE : Does not get needed data from database or post defined error, might be wrong in if statement = unknown exactly what is issue
$_POST['title']; is passed from user input
if (isset($submit)) {
$date = date("Ymd");
$cleanTitle = $_POST['title'];
$querytitle = mysql_real_escape_string($_POST['title']);
$queryalbum = mysql_real_escape_string($_POST['album']);
// Check to see if Title exist for specfic Artist
$checkTitle = mysql_query("SELECT * from lyrics WHERE artist = '$artist'");
if (!$checkTitle) {
die('Query Failed');
}
if ($checkTitle == $cleanTitle) {
// do whatever
}
print_r($checkTitle); // the data returned from the query
UPDATE : INSERT IGNORE wouldn't work sicne I'm inserting the data via $artist and need to check and see if title exist on that artist first. or i might be wrong. i'm unsure on how to do it
$artist is a specfic ID number defined higher in the code
Your code was incorrect, but this should work:
if (isset($submit)) {
$date = date("Ymd");
$cleanTitle = $_POST['title'];
$querytitle = mysql_real_escape_string($_POST['title']);
$queryalbum = mysql_real_escape_string($_POST['album']);
// !!! $artist is not actually set anywhere here..
$checkTitle = mysql_query("SELECT * from lyrics WHERE artist = '$artist'");
if (!$checkTitle) {
die('Query Failed');
}
/* now that you have run the query, you need to get the result: */
// (This is assuming your query only returns one result)//
$result = mysql_fetch_array($checkTitle);
// now check the value for 'title'
if ($result['title'] == $cleanTitle) {
// do whatever
}
print_r($result); // the data returned from the query
}
You were running the query, but you were not getting the results of the query. You use mysql_fetch_array() to get the results. To get the results of multiple entries, you can use the following:
// will print the 'title' for each results
while ($row = mysql_fetch_array($checkTitle)) {
echo $row['title'];
}
Now with all of that said, you should know that mysql_* is going through a deprecation process and should be replaced with mysqli or PDO. Please read the following:
Please, don't use mysql_* functions in new code. They are no longer maintained and the
deprecation process has begun on it. See the
red box? Learn about prepared statements instead, and use
PDO or MySQLi - this article will help you decide which. If you choose
PDO, here is a good tutorial.
Here is very simple code to check if that title has any post (you may already know, that at first, the file needs to require wp-blog-header.php).
$title = 'mytitlee';
global $wpdb;
$id_ofpost_name = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_name = $title");
$id_ofpost_title = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = $title");
if ($id_ofpost_name || $id_ofpost_title) {echo 'Exists, here is the id:'.$id_ofpost_title.$id_ofpost_name;}
else {echo 'post wasnt found';}
As i am trying to increment the counter to plus 1 every time when the user clicks on the image. I have written the following code but it says some error "Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\tkboom\includes\core.php on line 72". Can anyone look into this where i made a mistake..
Actually i have created 2 php files one for incrementing the counter and one for displaying the counter. In core.php file i have written the function and for displaying the count i have created a file called view.php
core.php
function GenerateCount($id, $playCount) {
global $setting;
$counter_query = "SELECT hits FROM ava_games WHERE id=".$_GET['id']."";
$counter_res = mysql_query($counter_query);
while($counter_row = mysql_fetch_array($counter_res)){
$counter = $counter_row['hits'] + 1;
$update_counter_query = "UPDATE ava_games SET hits=".$counter." WHERE id=".$_GET['id']."";
$playCount = mysql_query($update_counter_query);
$playCount = $row['hits'];
}
return $playCount;
// Get count END
}
view.php
<?php
$sql = mysql_query("SELECT * FROM ava_games WHERE published=1 ORDER BY id desc LIMIT 30");
while($row = mysql_fetch_array($sql)) {
$url = GameUrl($row['id'], $row['seo_url'], $row['category_id']);
$name = shortenStr($row['name'], $template['module_max_chars']);
$playRt = GenerateRating($row['rating'], $row['homepage']);
$playCt = GenerateCount($row['id'], $row['hits']);
if ($setting['module_thumbs'] == 1) {
$image_url = GameImageUrl($row['image'], $row['import'], $row['url']);
$image = '<div class="homepage_game"><div class="home_game_image"><img src="'.$image_url.'" width= 180 height= 135/></div><div class="home_game_info"><div class="home_game_head">'.$name.'</div></div><div class="home_game_options"><img class="home_game_options_icon" src="'.$setting['site_url'].'/templates/hightek/images/joystick-icon.png" /> '.$playRt.' <b>|</b> '.$playCt.' plays </div></div>';
echo $image;
}
}
?>
That most likely means that there's an error in the sql statement. You can get more information about the error via mysql_error().
In its simplest form:
$counter_res = mysql_query($counter_query) or die(mysql_error());
(edit: ...simplest form, but with this approach you don't give the application a chance to react to the problem, "die" as in "dead". And mysql_error() can leak too much information to a user of your webservice/website, see https://www.owasp.org/index.php/Top_10_2007-Information_Leakage_and_Improper_Error_Handling)
Your code is also prone to
sql injections, because the $_GET parameter is put into the statement without sanitizing it first
race conditions because you have a compound operation consisting of one SELECT and one UPDATE without any locking mechanism.
This is because you get the error in your SQL query.
I'd change it a little bit:
$counter_query = 'SELECT hits FROM ava_games WHERE id = ' . (int)$_GET['id'];
to make sure you always compare id against integer value.
After all, this query does not look good. First point: why are you using two queries to increment a value? UPDATE ava_games SET hits=hits+1 WHERE id=".$_GET['id'].""should do this in one step. Second point: have you heard about SQL injections? Escape or cast $_GET['id'] to avoid surprises ;)
Convert the value in int first like that:
function GenerateCount($playCount) {
global $setting;
$counter_query = "SELECT hits FROM ava_games WHERE id=".$_GET['id']."";
$counter_res = mysql_query($counter_query);
while($counter_row = mysql_fetch_array($counter_res)){
$counter = intval($counter_row['hits']) + 1;
$update_counter_query = "UPDATE ava_games SET hits=".$counter." WHERE id=".$_GET['id']."";
$playCount = mysql_query($update_counter_query);
$playCount = $row['hits'];
}
return $playCount;
// Get count END
}
and check link:
Convert into int
If mysql_query returns a Boolean, your query failed.
Presuming id is the primary key, you can use the following function to update on a database level which will prevent race conditions:
function GenerateCount($playCount) {
global $setting;
$update_counter_query = "UPDATE ava_games SET hits=hits + 1 WHERE id=".intval($_GET['id'])."";
mysql_query($update_counter_query) or die(mysql_error());
$counter_query = "SELECT hits FROM ava_games WHERE id=".intval($_GET['id'])." LIMIT 1";
list($playCount) = mysql_fetch_row(mysql_query($counter_query));
return $playCount;
// Get count END
}
also note the intval() around the $_GET variable to prevent SQL injection
I'm dealing with strange problem.
$result = mysql_query("SELECT link FROM item WHERE item_id='$id2'") or die(mysql_error());
$row = mysql_fetch_assoc($result);
$picture = ''.$row['link'].'';
echo"$picture";
Gives me result http://127.0.0.1/1321426277. without ending, while in column link link is: http://127.0.0.1/1321426277.jpg. Why it cuts ending?
For testing purposes please run
$result = mysql_query("SELECT link, Length(link) as l FROM item WHERE item_id='$id2'") or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ( !$row ) {
echo 'no such record';
}
else {
$l = strlen($row['link']);
var_dump($l, $row['l'], $row['link']);
$picture = $row['link'];
echo "'$picture'";
}
and post the result.
I don't see anything in your code that would cause the link to be truncated. Have you checked to make sure you have the correct data in your table?
It looks like a bug in the data. Print out (and select) the ID at both places (the query in your question and the other place where you use it in img src tag). I bet they will differ. Or, you should check SELECT count(1) FROM item WHERE item_id='xxx'*, where xxx is the ID of the magic record.
Ah now I see = the problem is because you code contains an 'r' after the 'o' rather then before - it is so clear now because you provided such a complete example of the behavior that I replicate on my machine.
WTF