Url rewrite using PHP code - php

I am working on a client's application, www.islamicaim.com. I have a problem with URL writing in the video section. I was using a URL something like http://islamicaim.com/video_play.php?id=6 for playing videos. Videos work fine, but now, according to the client's new requirement, I want to write the URL something like http://www.islamicaim.com/category/author/video/title.php to make the URL SEO friendly.
I have stored the name of an author in the database, and the name can contain a space, something like mr xyz. While using this name I am facing a problem. Can anyone suggest how I can achieve this goal? I am a learner of PHP. Thanks.
Here is my query:
$q2="select id from media_author where name='".$author_name."'";
while $author_name has the value "mr xyz", and I am receiving this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
I have checked this query by running it in SQL and it works fine.
The link where I am having the problem is http://islamicaim.com/media_details.php?category=Talawat-e-Quran&author=Qari%20Syed%20Sadaqat%20Ali

I'm not sure what specific error you are having as you basically just said it presently isn't working for you. But as you said the issue is the url can contain "mr xyz", it's probably that you need to replace the space with a %20.
I don't know PHP but I'm guessing that it, like every other language, has a call to encode a url - call that on your url and that will transform all characters that need to be in the %xx form.

Can't see any problem with your query, unless there is a problem with something else. Have you tried all the possibilities for this? Such as:
$q2 = "SELECT id FROM media_author WHERE name = $author_name";
Or
$q2 = "SELECT * FROM media_author WHERE name = '$author_name'";
Maybe you should add some more related code for us to check.
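
An added example, not part of the original posts: the author lookup from the question with the name passed as a bound parameter, and the link built with rawurlencode() so the space in the name survives the URL. It uses PDO with an in-memory SQLite database and constructed sample rows so it runs offline; findAuthorId() and authorLink() are hypothetical helper names.

```php
<?php
// Added example: constructed data, hypothetical helper names.
// Uses PDO with in-memory SQLite so it runs without a MySQL server;
// the prepare/execute calls are the same with a mysql: DSN.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE media_author (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO media_author (name) VALUES ('mr xyz'), ('Qari Syed Sadaqat Ali')");

// Look up an author id. The name travels as a bound parameter, so spaces,
// quotes or an empty value cannot change the SQL text.
function findAuthorId(PDO $pdo, string $authorName): ?int
{
    $authorName = trim($authorName);
    if ($authorName === '') {
        return null; // missing ?author= parameter: nothing to look up
    }
    $stmt = $pdo->prepare('SELECT id FROM media_author WHERE name = :name');
    $stmt->execute([':name' => $authorName]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Build the link. rawurlencode() turns the space into %20;
// htmlspecialchars() makes the result safe inside the href attribute.
function authorLink(string $category, string $authorName): string
{
    $url = 'media_details.php?category=' . rawurlencode($category)
         . '&author=' . rawurlencode($authorName);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($authorName, ENT_QUOTES, 'UTF-8') . '</a>';
}

echo authorLink('Talawat-e-Quran', 'mr xyz'), PHP_EOL;

// PHP has already decoded %20 back to a space in $_GET; simulated here.
$_GET['author'] = 'mr xyz';
var_dump(findAuthorId($pdo, $_GET['author'] ?? ''));   // known author
var_dump(findAuthorId($pdo, "x' OR '1'='1"));          // treated as a literal name
var_dump(findAuthorId($pdo, ''));                      // empty input
```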

Related

How to compare strings based on character similarity in SQL?

I'm working on redirecting people if they type a "not really wrong URL".
For example, I have a good URL: http://www.website.com/category/foo-bar-if-bar-foo/.
This one works, so if a user enters my website with it, I can retrieve the corresponding article.
But if someone enters my website with a not really wrong URL like http://www.website.com/category/foo-bar-foo/ because another website has referenced a wrong URL, I should redirect him to the right one instead of returning a 404 status code...
So how should I do this? And most important, should I do this?
I currently use Eloquent with Laravel 4.2.
Thank you in advance.
EDIT
I was wrong about stackoverflow, thanks for your comment. It uses the unique ID of a post.
EDIT 2
I looked at the SOUNDEX function in SQL; it's really good if there is a small difference like a character or two missing. But if my URL is as broken as my example, it's not working anymore, obviously. But thanks, it's going to be useful.
Just thinking off the top of my head, you could create a SQL table (with Full-Text indexing enabled) containing all your paths (it might already exist).
In the event that a 404 is triggered, hijack that and do a MATCH (Full Text Search) and return the path with the highest scoring MATCH (you can also consider using a score threshold to prevent nonsensical matches).

php - Can't set GET data, the end of the string is missing

I have a complex database search page which allows users to select which fields are called from the database, which fields they are searching by, and so on. After seeing the results, the user has the option to download an Excel file including the results. This file will be created after he clicks on the download link (this way the searches are faster and you have to wait longer only when you want to download the file; usually thousands of results match). For this to work I need to pass on the same query string to another PHP file which will create the Excel file.
My code is as follows
$downloadLink = "<a href='excel.php?download=".$query."'>Download (.xlsx file)</a>";
echo $query;
Let's say that my $query variable contains the following:
SELECT `people_id` , `source`, `volunteer`, `last_name`, `first_name` FROM `people` WHERE `first_name` LIKE 'Jon%' ORDER BY `people_id`
When I echo out the data it shows correctly, but when I click on the link it sends me to
http://localhost/projects/Adatbazis3/excel.php?download=SELECT%20`people_id`%20,%20`source`,%20`volunteer`,%20`last_name`,%20`first_name`%20FROM%20`people`%20WHERE%20`first_name`%20LIKE
Is there a limit to the amount of characters that can be in a $_GET variable?
Is there a problem in the code?
What other solution might be possible?
First of all, you should urlencode the $query when you are printing it as HTML:
$downloadLink = "<a href='excel.php?download=".urlencode($query)."'>Download (.xlsx file)</a>";
Second, there is a limit for the length of GET requests on the browser's end. As I remember, it is around 2000 characters for Internet Explorer and around 8000 chars for proper browsers.
As a third thing, I would like to express my opinion: you should never ever send MySQL queries like this. It exposes a lot of security issues. Try sending the variable parts instead and build your query in the back end (make sure you properly sanitize your input).
First, you should pass the result from the query, and if you are passing it in the URL, you should use url_encoded for passing. And please don't pass the whole query in your URL.
To pass secret stuff from one to the other PHP, use $_SESSION global array.
To expose any query to the browser like you are doing (besides the flaws with improper encoding) is way dangerous!
Assume, someone alters your query to "SELECT * from people" and captures the output - wouldn't it expose the entire "people" table to everyone?
Look at this link!
Edited:
The page is protected from any unauthorized access
If this would be true, would you bet your legs on that? Don't be silly, even authorized people are doing crime.
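
An added example, not part of the original posts, of the approach the answers above recommend: the download link carries only the selected field names and the search value, and the export side rebuilds the SQL from a column allowlist plus a bound LIKE parameter. EXPORT_COLUMNS, downloadLink() and exportRows() are hypothetical names, and the table rows are constructed; in-memory SQLite via PDO stands in for MySQL so the block runs offline.

```php
<?php
// Added example: constructed data; EXPORT_COLUMNS, downloadLink() and
// exportRows() are hypothetical names. In-memory SQLite stands in for MySQL.
const EXPORT_COLUMNS = ['people_id', 'source', 'volunteer', 'last_name', 'first_name'];

// Search page: the link carries only the variable parts, never SQL text.
function downloadLink(array $fields, string $firstName): string
{
    $qs = http_build_query(['fields' => $fields, 'first_name' => $firstName]);
    return '<a href="' . htmlspecialchars('excel.php?' . $qs, ENT_QUOTES, 'UTF-8')
         . '">Download (.xlsx file)</a>';
}

// excel.php: rebuild the query from an allowlist and a bound parameter.
function exportRows(PDO $pdo, array $params): array
{
    $requested = array_filter((array) ($params['fields'] ?? []), 'is_string');
    // Column names cannot be bound, so keep only names from the allowlist.
    $columns = array_values(array_intersect(EXPORT_COLUMNS, $requested));
    if ($columns === []) {
        throw new InvalidArgumentException('no valid columns requested');
    }
    $prefix = $params['first_name'] ?? '';
    $prefix = is_string($prefix) ? $prefix : '';
    // Escape LIKE wildcards typed by the user, then append the trailing %.
    $pattern = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $prefix) . '%';
    $sql = 'SELECT `' . implode('`, `', $columns) . '` FROM `people`'
         . " WHERE `first_name` LIKE :p ESCAPE '!' ORDER BY `people_id`";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (people_id INTEGER PRIMARY KEY, source TEXT, '
         . 'volunteer INTEGER, last_name TEXT, first_name TEXT, private_notes TEXT)');
$pdo->exec("INSERT INTO people VALUES (1, 'web', 1, 'Doe', 'Jon', 'n/a'), "
         . "(2, 'web', 0, 'Roe', 'Jane', 'n/a')");

echo downloadLink(['people_id', 'first_name'], 'Jon'), PHP_EOL;

// A tampered request asking for a column outside the allowlist: it is dropped.
parse_str('fields[]=people_id&fields[]=private_notes&first_name=Jon', $get);
print_r(exportRows($pdo, $get));
```

Because the link is short and fixed in shape, it also stays well under the browser URL length limits mentioned in the first answer.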

mysql_real_escape_string () different behaviour on localhost and server, php5.1 , php5.4

Before I call this question: yes, I know mysql_query is a bad practice, but I need to fix this first; then in the near future I will move to PDO or something, OK.
I have code that works perfectly on localhost using PHP 5.4. The problem is when I load it on the server: everything works fine, there is just one error that, at this moment, I'm blind to.
On a description field, for a kind of articles in a blog, I use the elrte and elfinder editor. The problem is that when I send an image to store in the database, I get different results.
Locally I do store <img src="folder/ok/img.jpg">, but on the server, for some reason, the same files and code store that in the database as <img src="\"/folder/ok/img.jpg\"" >
This must be related to these lines (the description field goes into $desc):
if(isset($_POST['submit'])){
//protect and then add the posted data to variables
$titulo = protect($_POST['titulo']);
$desc = mysql_real_escape_string ($_POST['desc']);
$cat_id = protect($_POST['cat_id']);
But can somebody explain this behaviour? I'm blind to this. Also, I know there are security issues with this, but well, at least we are not storing any NASA info.
I hope anyone can help me with this.
Without having looked too far into it, mysql_real_escape_string is deprecated and you should use mysqli_real_escape_string() now (which goes with the new mysqli lib)
Are you sure $_POST['desc'] is the same on localhost and server? Maybe your POST request is being formed incorrectly

Defining vars for database

I have worked with MySQL before but it has been a LONG time ago. Now I am trying to set up a database using phpMyAdmin.
I am trying to setup this database for the Article Friendly script. The instructions state that you need to use a little script that they have furnished:
define("DB_NAME","a6852953_article");
define("SERVER_NAME","'mysql12.000webhost.com'");
define("USER_NAME","a6852953_article");
define("PASSWORD","*********");
$dbhost=SERVER_NAME;
$dbuser=USER_NAME;
$dbpasswd=PASSWORD;
$dbname=DB_NAME;
It chokes on the first line, and if I remove that it chokes on whatever is there.
The syntax looks correct to me with what little I remember and I also checked the manual for 5.1 which is what my host uses.
Can anyone spot anything wrong?
Looks like it might actually be choking on the second line...
define("SERVER_NAME","'mysql12.000webhost.com'");
... likely because you have single quotes inside the double quotes. Try changing the line to this:
define("SERVER_NAME","mysql12.000webhost.com");
If it is the first line however, make sure that the database you listed already exists -- if not, you should be able to login to phpMyAdmin and run:
CREATE DATABASE a6852953_article
:)

Converting parameter based URL's to pretty URL's

Currently I have URLs in this format:
http://www.domain.com/members/username/
This is fine.
However, each user may have several 'songs' associated with their account.
The URLs for the individual songs look like this:
http://www.domain.com/members/username/song/?songid=2
With the number at the end obviously referring to the ID in the MySQL database.
Using jQuery/JavaScript, the ID is collected from the URL, the database is then queried, and the relevant song/page is rendered.
I would like to change these URLs to the following format instead:
http://www.domain.com/members/username/song/songname/
But I have absolutely no idea how to go about it. I've been doing quite a bit of reading on the subject but haven't found anything quite relevant to my situation.
To further compound the challenge, song names are not always unique. For instance, if we imagine the song name 'hello', it is quite possible that another song may exist in the database with the same name, albeit with a different song ID.
Given the limited information you are receiving in this question, I am quite content with more generalised answers describing the approach to take.
General info:
Apache/Nginx proxy
Backend: PHP
jQuery/Javascript front end
I don't know how you store songs in the database, but here is an idea:
use URL rewrite to rewrite members/username/song/songname/ to song.php?user=username&song=songname. There are plenty of tutorials here, or perhaps try to use a URL rewrite-generator tool.
In song.php, get these GET values. Do a MySQL query where the songname and the username match. Output the result.
Note: it is OBLIGATORY to make sure that a user can store only one song with a given name. Also, the storing user's name MUST be stored. Otherwise this is impossible.
Simple Apache rewrites, in the main httpd.conf file, or in an htaccess file if you don't have access to the main config file, should suffice.
