Error at line 1

[googlit]

ok...

so my page.php works perfectly when it is receiving date ie the url is page.php?id=x, but how do i set a default for the page? for example if someone browses to page.php at the moment i just get an error message:

 

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

 

shouldnt it echo Result not found? what have i done wrong??

 

php below:

 

<?php

$max_columns = 3;


include_once "include/globals.php";    //globals contains db connection

if (isset($_GET['cat-id'])) {
	$id = $_GET['cat-id'];
	}


?>

<?php 


        
        //Get database Results
        $result = mysql_query("SELECT * FROM Products WHERE is_active = 1 AND catagory_id = $id ") or die(mysql_error());
        
        if(mysql_num_rows($result)===0)
{
    $output = "No records found.\n";
}
else
{
    $output = "<table>\n";
    //keeps getting the next row until no more records
    $recNo = 0;
    while($row = mysql_fetch_array($result))
    {
        $recNo++;
        //Start new row when needed
        if($recNo%$max_columns==1)
        {
            $output .= "<tr>\n";
        }
        //Create TD for record
        $output .= "<td><div class=\"table-bg\">";
        $output .= "<div class=\"title\">{$row['Name']}</div>";
        $output .= "<div class=\"image\">";
        $output .= "<a href=\"product_detail.php?id=\"><img src=\"{$row['image']}\" width=\"100\" alt=\"\" border=\"0\"></a>";
        $output .= "</div>";
        $output .= "<div class=\"tag_line\">{$row['Tag_Line']}</div>";
        $output .= "<div class=\"price\">Now Only: £{$row['Website_Price']}</div>";
        $output .= "<div class=\"prod-footer\"><a href=\"product_detail.php?id={$row['ID']}\">more info</a></div>";
        $output .= "</div></td>\n";
        //Close row when needed
        if($recNo%$max_columns==0)
        {
            $output .= "</tr>\n";
        }
    }
    //Close final row if needed
    if($recNo%$max_columns!=0)
    {
        $output .= "</tr>\n";
    }
    $output .= "<table>\n";
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="styles/stylesheet.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="Wrapper">
<?php include "include/header.php"; ?>
<?php include "include/thinnav.php"; ?>
<?php include "include/nav.php"; ?>
<div id="main">
    <?php //echo $output; ?>
    </div>
<?php include "include/right-nav.php"; ?>
<?php include "include/footer.php"; ?>
    

</div>
</body>
</html>
    


    

 

pleasse help this is doing my nuts in...........

[micah1701]

<?php

if (isset($_GET['cat-id'])) {
$id = $_GET['cat-id'];
}else{
$id = 'your-default-category-id';
}

?>

[rwwd]

What would the default page value be? Is there a page one or 1, if there is you can see if the $_GET has been set & if it's a numerical value and if not, assign a DEFAULT numerical value to it as a default clause...

 

<?php
if (isset($_GET['cat-id']) && !empty($_GET['cat-id'])) {
$id = (int)strip_tags($_GET['cat-id']);//assuming that it's an int being passed
}else{
$id = 'your-default-category-id';
}
?>

just to expand on the offered suggestion, adding some security and 'forcing' the issue on it being an integer, this also ensures that it's a whole number and not a floating point number, though admittedly there are other options, but this will get you started..

 

Kudos to micah1701 too!

 

Rw

[googlit]

how would i redirect to a page? for example index.php?

 

thamks for your help so far !! impressed!

[rwwd]

You mean if the first condition wasnt met? If so like this:-

<?php
if (isset($_GET['cat-id']) && !empty($_GET['cat-id'])) {
$id = (int)strip_tags($_GET['cat-id']);//assuming that it's an int being passed
}else{
header("location: YOUR_FILE_GOES_HERE");
exit;
}
?>

 

Though I'm not advocating this method, from the example provided I would stick with having a default value set, then you know that if someone tried to hack, you were at least protected against spurious data injections..

 

Rw

[googlit]

thanks guys, your a credit to this site!!