
passing multiple vars in url


mattwal


Hello everyone,

 

I am having trouble with 2 parts of my cms class. The first part displays a UL navigation list that is pulled dynamically from the database. It is supposed to show up as a link to whichever category the user clicks on. I am using 2 variables to pass along in the link to get the category type and posts with the category value of the same.

 

From there depending on what category the user clicks it directs them to category.php?category=[category from the navlist]&post=[category define in the post].

 

Here is a visual IMG of the index.page and what I am talking about.

 


 

As you can see it is displaying correctly. I just don't know if it is set up in a way that might cause more problems for what I am wanting to do with it or not?

 

//here is my database setup with relevant information:

// cms_category_list table

c_id  c_category
1     Web Design
2     Tutorials
3     XBox 360 Games
4     Resource Links

//cms_content table:

id  title        category        body         date
2   Second Post  Web Design      Lorem ipsum  2009-04-02 03:05:41
3   3rd Post     Tutorials       Lorem ipsum  2009-04-02 20:20:49
4   4th Post     XBox 360 Games  Lorem ipsum  2009-04-02 20:21:14
5   5th Post     Resource Links  Lorem ipsum  2009-04-02 20:25:43


 

 

//here is how I made the category list and display the link:

function show_category_list() {
	  
		$sql = "SELECT * FROM cms_category_list, cms_content WHERE cms_category_list.c_category = cms_content.category";
		$res = mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($res) != 0):
		  while($row = mysql_fetch_assoc($res)) {
			  echo '<li><a href="category.php?category=' . $row['c_category'] . '&post=' . $row['category'] . '">' . $row['c_category'] . '</a></li>';
        }
				 else:
				  echo '<p>Uh Oh!, this doesn\'t exist!</p>';
	       endif;
}

 

The second part is really where I have no idea what I'm doing. I want the category.php page to get the variables from the link on the index page and display posts that have the same category as the navlist menu link they click on. E.g. (user clicks on resource link menu item from index and is taken to category.php page that shows all posts that have a resource category).

 

//here is what I have, and I am getting a parse error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\dummy\_class\cms_class.php on line 154.

The highlighted RED code is line 154.

 

 

function get_category() {

		$category = mysql_real_escape_string($category);
		$post = mysql_real_escape_string($post);
                   //$sql - line 151
	$sql = "SELECT * FROM cms_category_list, cms_content WHERE cms_category_list.' . $_GET['c_category'] . ' = cms_content.' . $_GET['category'] . '";

		$return = '<p><a href="index.php">Go Back To Content</a></p>';
	else:
		$sql = "SELECT * FROM cms_category_list, cms_content WHERE cms_category_list.c_category = cms_content.category";
	endif;

	$res = mysql_query($sql) or die(mysql_error());

		while($row = mysql_fetch_assoc($res)) {
			echo '<h1><a href="index.php?id=' . $row['id'] . '">' . $row['title'] . '</a></h1>';
			echo '<span>Posted on: ' . $row['D'] . '</span>';
			echo '<p>' . $row['body'] . '</p>';
		}
	else:
		echo '<p>Uh Oh!, this doesn\'t exist!</p>';
	endif;

	echo $return;
}

 

If anyone could point me in the right direction, that would be great!

Link to comment
Share on other sites

Your category in your URL cannot contain spaces, you need to replace any spaces with %20% which is the browser's equivalent of a space. Check out preg_replace to swap spaces for %20% on your variable $row['c_category'] on the line:

 

echo '<li><a href="category.php?category=' . $row['c_category'] . '&post=' . $row['category'] . '">' . $row['c_category'] . '</a></li>';

Link to comment
Share on other sites

OK Ignore the post above I believe I over complicated the matter.

 

I am using the cms_category_list table to dynamically display a category UL list menu. I believe I can use this SQL statement:

$sql = "SELECT * FROM cms_content, cms_category_list WHERE cms_content.category = cms_category_list.c_category";

to pass on (1) variable through the URL like so:

echo '<li><a href="category.php?post=' . $row['category'] . '">' . $row['c_category'] . '</a></li>';

 

The problem I am encountering is how to get the passed variable and display all posts with the category the user clicked on on the main page.

 

Here are my functions: the 1st function displays the UL category links, the 2nd retrieves it and displays it. #2 is giving me:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Links' at line 1

 

function show_category_list() {
	  
		$sql = "SELECT * FROM cms_content, cms_category_list WHERE cms_content.category = cms_category_list.c_category";
		$res = mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($res) != 0):
		  while($row = mysql_fetch_assoc($res)) {
			  echo '<li><a href="category.php?post=' . $row['category'] . '">' . $row['c_category'] . '</a></li>';
        }
				 else:
				  echo '<p>Uh Oh!, this doesn\'t exist!</p>';
	       endif;
}

function get_category() {

		$category = $_GET['post'];
		$sql = "SELECT * FROM cms_content WHERE cms_content='$category'";  

	  $res = mysql_query($sql) or die(mysql_error());

		while($row = mysql_fetch_assoc($res)) {
			echo '<h1><a href="index.php?id=' . $row['id'] . '">' . $row['title'] . '</a></h1>';
			echo '<span>Posted on: ' . $row['D'] . '</span>';
			echo '<p>' . $row['body'] . '</p>';
		}


	echo $return;
}

Link to comment
Share on other sites

@Fruct0se

 

Thank you for the information. I was under the assumption the browser/php would just use the %20% in the spaces and it would be fine... I'll check it out and make note of it..

 

P.S. for your 2nd reply it is stating:

Unknown column 'cms_content' in 'where clause'
Link to comment
Share on other sites

O.K. lmao getting irritated now cause I don't know what I'm looking for..

 

As far as I know this should pull the variable from the index page:

$category = $_GET['post'];

 

I think I'm not making the right sql query and that's the root of the problem:

$sql = "SELECT * FROM cms_content WHERE content='$category'";

 

I know I use a join to match posts to the category menu in the  show_category_list() function.

 

My question at the moment would be:

 

Since I pulled all that information from the cms_category table AND cms_content table into a variable and passed it on in a URL, can I access that information, and how? And do I need another SQL query to display it?

 

 

Link to comment
Share on other sites

O.K. I have solved this issue:

 

From the index.php page:

 

I wanted to display a list of categories that my posts are in and have it linked to a page that displays all posts under whatever the user clicked on (i.e. tutorials, games, general, etc.)

 

I looked through one of my PHP books and saw an example using left join:

SELECT * FROM url_categories LEFT JOIN url_associations USING (url_category_id);

 

I read that if both tables you are joining have the same column name I could simplify the query using the above code. So I changed my column from c_category in cms_category_list to category, which is the column name in cms_content.

 

and outputted it as follows:

 

function show_category_list() {

		$sql = "SELECT * FROM cms_content LEFT JOIN cms_category_list USING (category)";
		$res = mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($res) != 0):
		  while($row = mysql_fetch_assoc($res)) {
			  echo '<li><a href="category.php?post=' . $row['category'] . '">' . $row['category'] . '</a></li>';
        }
				 else:
				  echo '<p>Uh Oh!, this doesn\'t exist!</p>';
	       endif;
}

 

On category.php page I elaborated on the SQL query using a WHERE clause to limit the posts to the predefined variable $cat which is equal to $_GET['post'].

 

my function is as follows:

function get_category() {

		$category = $_GET['post'];
		echo $_GET['post']; //shows whatever category the user clicks
		echo '<br /><br />';
		$cat = $_GET['post'];

      $sql = "SELECT * FROM cms_content LEFT JOIN cms_category_list USING (category) WHERE category = \"$cat\""; 
		$res = mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($res) != 0):
		  while($row = mysql_fetch_assoc($res)) {
			  echo '

				<h2>' . $row['category'] . '</h2>
				<h1>' . $row['title'] . '</h1>
				<p>' . $row['body'] . '</p>

				';
        }
				 else:
				  echo '<p>Uh Oh!, this doesn\'t exist!</p>';
	       endif;

}

 

You will notice I echo out what the get['post'] is equal to. This is just a reference check to see if it was working...

 

I did however get some advice to use preg_replace, and that my code is subject to XSS attacks...

 

1) I am wondering about my link that redirects the user from the index page to the category page. It goes like this:

http://localhost/dummy/category.php?post=Web Design

 

With the space in between Web and Design. This is the only thing that might be considered dangerous, I believe, but I do not know.

 

I read an article telling me to use htmlspecialchars() to convert all HTML characters to their entities. I don't know if this is needed or not?

 

If anyone could please help me out and suggest anything that might secure address from this threat I would be appreciative!

Link to comment
Share on other sites
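
A hardened version of the two functions from the last post, added here as an example and not code from the thread: the category is URL-encoded when the link is built, bound as a query parameter instead of being concatenated into the SQL, and passed through htmlspecialchars() wherever it is printed. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL tables and the removed mysql_* functions, the helper h() is hypothetical, and the rows are constructed sample data.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite is a stand-in
// for the thread's MySQL database; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_content (id INTEGER, title TEXT, category TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO cms_content VALUES (?, ?, ?, ?)');
$ins->execute([2, 'Second Post', 'Web Design', 'Lorem ipsum']);
$ins->execute([3, '3rd Post', 'Tutorials', 'Lorem ipsum']);
$ins->execute([6, 'Q&A <b>post</b>', 'Web Design', 'Lorem <script>alert(1)</script>']);

// Hypothetical helper: escape for HTML text and quoted attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// One link per distinct category. urlencode() makes the value safe as a
// query-string component (a space becomes "+"); h() makes it safe as HTML.
function show_category_list(PDO $db): string {
    $out = '';
    $rows = $db->query('SELECT DISTINCT category FROM cms_content ORDER BY category');
    foreach ($rows as $row) {
        $out .= '<li><a href="category.php?post=' . h(urlencode($row['category'])) . '">'
              . h($row['category']) . "</a></li>\n";
    }
    return $out;
}

// $cat is the raw $_GET['post'] value (PHP has already URL-decoded it).
// It is bound as a parameter, never concatenated into the SQL string,
// and it is never echoed back to the page unescaped.
function get_category(PDO $db, string $cat): string {
    $stmt = $db->prepare('SELECT title, category, body FROM cms_content WHERE category = ?');
    $stmt->execute([$cat]);
    $out = '';
    foreach ($stmt as $row) {
        $out .= '<h2>' . h($row['category']) . '</h2><h1>' . h($row['title'])
              . '</h1><p>' . h($row['body']) . "</p>\n";
    }
    return $out !== '' ? $out : "<p>Uh Oh!, this doesn't exist!</p>\n";
}

echo show_category_list($db);
echo get_category($db, 'Web Design');    // normal request: two escaped posts
echo get_category($db, '" OR "1"="1');   // quote-breaking input matches no rows
```

In category.php the call would be get_category($db, $_GET['post'] ?? ''), with $db opened against the real database.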
