[SOLVED] Special Character _GET Problem - empty page

[EternalSorrow]

I'm currently working on a page which 'gets' the specified variables from the fields 'title' and 'author' from three tables.  The extra trick is some titles and some authors' names contain special characters, so I'm using the 'sprintf' method to avoid an error message.

 

For the three tables I'm retrieving information from the first two in the main query, and accessing the third table in a subquery.  The problem lies in the subquery for the third table, here called 'information.'

 

I'm trying to retrieve the fields 'datetime' and 'summary' from 'information' using array, but whenever I place the proper snippet into the main code the page becomes blank without even an error message.  When I remove the snippet the page reappears without any error messages, but I'm left without the information stored in the 'information' table.

 

Any ideas what the error could be in my code?  (Beware, it's a mess)

 

<?php

if (!is_numeric($_GET["author"]) && !empty($_GET["author"]) && $_GET["author"]!="")
{
$author = $_GET["author"];
}

if (!is_numeric($_GET["title"]) && !empty($_GET["title"]) && $_GET["title"]!="")
{
$title = $_GET["title"];
}

mysql_connect(localhost,user,pw);
@mysql_select_db(db) or die( "Unable to select database");

$query = sprintf("SELECT * FROM archives LEFT JOIN author ON author.id = archives.id 
WHERE `author`= '%s' AND archives.title = '%s' LIMIT 1 ", mysql_real_escape_string($author),  mysql_real_escape_string($title)) or die(mysql_error());
$result = mysql_query( $query ) or die(mysql_error());

while ($row = mysql_fetch_array($result))
{
extract($row);

$select_category = sprintf("SELECT DISTINCT category FROM archives LEFT JOIN author ON author.id = archives.id 
WHERE `title` = '%s' AND `author`= '%s' ORDER BY category asc", mysql_real_escape_string($title), mysql_real_escape_string($author));

$select_category = mysql_query($select_category) or die (mysql_error());

$cat = "";
while ($row2 = mysql_fetch_array($select_category)) {
   $cat .= "<a href=\"category.php?category={$row2[category]}\">{$row2[category]}</a>, ";
}

$cat = substr($cat,0,-2);

$select_date = sprintf("SELECT author, title, summary, date_format(information.datetime,'%%M %%D, %%Y') AS datetime FROM information WHERE `author`= '%s' AND title = '%s' ", mysql_real_escape_string($author), mysql_real_escape_string($title));
$select_results = mysql_query($select_date) or die (mysql_error());

$tableArray = mysql_fetch_array($select_results) or die (mysql_error());

echo '<h1>Info: '.$title.'</h1>

<div class="story_url"><a href="'.$url.'" target="_blank">Read</a></div>

Author: <a href="author.php?author='.$author.'">'.$author.'</a>
<br>Categories: '.$cat.'
<br>Rating: '.$rating.'
<br>Last Updated: '.$tableArray['datetime'].'

<p>Summary: '.$tableArray['summary'].'';

}
?>

[WolfRage]

Which line is the one that you are adding or removing? Also is it possible that one of your die() statements is being set off. But that the querry is not reporting an error?

[EternalSorrow]

This is the line which I am forced to remove:

 

$select_date = sprintf("SELECT author, title, summary, date_format(information.datetime,'%%M %%D, %%Y') AS datetime FROM information WHERE `author`= '%s' AND title = '%s' ", mysql_real_escape_string($author), mysql_real_escape_string($title));
$select_results = mysql_query($select_date) or die (mysql_error());

$tableArray = mysql_fetch_array($select_results) or die (mysql_error());

 

If any of the die() is being set off, I have no idea why it wouldn't show the mysql_error, even on the page source.  Here's an example page of the problem.

[WolfRage]

Well to find out if that is the case lets do this.

<?php
die('Died at first die() :'.mysql_error());
?>

Do the same for the second but re-lable it.

[EternalSorrow]

The code is dying at this point:

 

$tableArray = mysql_fetch_array($select_results) or die('Died at third die() :'.mysql_error());

 

Though it still isn't giving an error message, it merely reads:

 

Died at third die() :

[WolfRage]

Ok so error reporting may not be on for your server. But you can also do a var_dump($select_results); because I think you will find that $select_results is not an array.

To turn on Error reporting post the following at the very top of your code.

 
<?php
ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>

[EternalSorrow]

The Error Reporting merely complains about undefined constants in my database connection area and this line:

 

   $cat .= "<a href=\"category.php?category={$row2[category]}\">{$row2[category]}</a>, ";

 

for this transgression:

 

Notice: Use of undefined constant category - assumed 'category' in /home/animara/public_html/inufiction/info.php on line 46

[WolfRage]

I added single qoutes. You are accessing an array by the key name so you must use single qoutes to state the name of the key.

<?php
$cat .= "<a href=\"category.php?category={$row2['category']}\">{$row2['category']}</a>, ";
?>

[EternalSorrow]

That fixed that error, but I'm still left with the page containing only the "Died at third die" on this line:

 

$tableArray = mysql_fetch_array($select_results) or die('Died at third die() :'.mysql_error());

 

I've tried removing that line and it fixes the problem, but then I have no idea how I'm supposed to display the information queried from that table.

[WolfRage]

Did you do a var_dump on that variable like I stated earlier to see if it is in fact a variable? Do it just prior to the line that is giving you the trouble.

<?php
var_dump($select_results); 
?>

[EternalSorrow]

The message which comes up is:

 

resource(21) of type (mysql result) Died at third die() :

[WolfRage]

Try mysql_fetch_object() see if that fails. I am looking into this right now. Also can you remove the or die part and make sure you have error reporting on so that we can see any extra errors that might help to troubleshoot it.

 

Edit: It may also be returning false, which could mean that your input is incorrect. To check for FALSE, do this:

<?php
$tableArray = mysql_fetch_array($select_results);
if($tableArray===FALSE){
  echo 'Returning FALSE<br />';
}
?>

There are a hundred other ways you could perform this same check so you do not have to do it exactly this way. But just to troubleshoot.

 

[EternalSorrow]

Here's the update:

 

[*]The mysql_fetch_object() does allow the rest of the page to show, but it returns False so the queried data from the 'information' table doesn't appear

[*]mysql_fetch_array is also returning False

[TeNDoLLA]

Just a side note nothing really to solve this thing, but it is always good to run the SQL queries in some sort of SQL program or from the SQL command line and see if the results are the kind of results you want to see if they don't work straight away in php. Just a note that might be worth checking.

[EternalSorrow]

Just a side note nothing really to solve this thing, but it is always good to run the SQL queries in some sort of SQL program or from the SQL command line and see if the results are the kind of results you want to see if they don't work straight away in php. Just a note that might be worth checking.

 

This code actually worked perfectly before I realized the sprintf has to be initialized, and I have used it several times without having any difficulty.  It's just the special characters which have thrown it for a loop.

[EternalSorrow]

Bump for notice.

[TeNDoLLA]

If you have all error reporting on and all mysql errors should be thrown in die()'s and nothing appears.. I don't know.. maybe try echoing allqueries before you run them in the code and see if they have correct query inside? Also I noticed that in the lines you have been adding and removing you have one field assigned in the query like this: date_format(information.datetime,'%%M %%D, %%Y') AS datetime, is not there too many percentage signs ? Should not that be like: date_format(information.datetime,'%M %D, %Y') AS datetime.

[EternalSorrow]

Without those extra percentage signs the page would throw this error message:

 

Warning: sprintf() [function.sprintf]: Too few arguments in /home/animara/public_html/inufiction/info.php on line 46

Query was empty

 

It has something to do with the date_format conforming with PHP rather than the mysql.

[EternalSorrow]

Well, I found the problem and it is stupid.  Apparently for the troubled query I had to switch the last part of the query line so that the mysql_real_escape_string for 'title' came before the mysql_real_escape_string for 'author'.

 

So switch this:

 

$select_date = sprintf("SELECT author, title, summary, date_format(information.datetime, '%%M %%D, %%Y') AS datetime FROM information WHERE `author`= '%s' AND title = '%s' ", mysql_real_escape_string($author), mysql_real_escape_string($title));

 

to this:

 

$select_date = sprintf("SELECT author, title, summary, date_format(information.datetime, '%%M %%D, %%Y') AS datetime FROM information WHERE `author`= '%s' AND title = '%s' ", mysql_real_escape_string($title), mysql_real_escape_string($author));

 

Whether that's because the other queries follow that sequence or some other reason, I honestly I have no idea.

[WolfRage]

Hmmm I am not sure how that logicly makes a difference, interesting. Well any ways, glad it is fixed.

[EternalSorrow]

Actually, I ended up changing it back because it interfered with another part of my code, and somehow the entire mechanism switched into "will now work" mode.

 

So this is one of those solved topics with an unsolved mystery.