issue with passing variables in URL.

[HDFilmMaker2112]

The below works for ?rma=non-returned and &year=$year, however once it's get down to month it doesn't work. Everything seems to be in the proper brackets, but it's still not working. It goes to a blank page when month=$month is added to the URL. The URL looks like this : ?rma=calander&year=2011&month=5

elseif($_GET['rma']=="calender"){
$sql101010="SELECT DISTINCT rma_year_issued FROM $tbl_name4 WHERE rma_issued='y' ORDER BY rma_year_issued";
$result101010=mysql_query($sql101010);
while($row101010=mysql_fetch_array($result101010)){
extract($row101010);
$content.='<a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">'.$rma_year_issued.'</a>
<br />';
}

if(isset($_GET['year'])){
$content="";
$logout.=' | <a href="./acp_admincp.php?rma=calender">Back to RMA Calender</a>';
$rma_year_issued=$_GET['year'];
$sql111010="SELECT DISTINCT rma_month_issued FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' ORDER BY rma_month_issued";
$result111010=mysql_query($sql111010);
while($row111010=mysql_fetch_array($result111010)){
extract($row111010);
if($rma_month_issued=="1"){$rma_month_issued2="January";}
if($rma_month_issued=="2"){$rma_month_issued2="February";}
if($rma_month_issued=="3"){$rma_month_issued2="March";}
if($rma_month_issued=="4"){$rma_month_issued2="April";}
if($rma_month_issued=="5"){$rma_month_issued2="May";}
if($rma_month_issued=="6"){$rma_month_issued2="June";}
if($rma_month_issued=="7"){$rma_month_issued2="July";}
if($rma_month_issued=="8"){$rma_month_issued2="August";}
if($rma_month_issued=="9"){$rma_month_issued2="September";}
if($rma_month_issued=="10"){$rma_month_issued2="October";}
if($rma_month_issued=="11"){$rma_month_issued2="November";}
if($rma_month_issued=="12"){$rma_month_issued2="December";}
$content.='<a href="./acp_admincp.php?rma=calander&year='.$rma_year_issued.'&month='.$rma_month_issued.'">'.$rma_month_issued2.'</a>
<br />';
}
if(isset($_GET['month'])){
$content="";
$logout.=' | <a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">Back to RMA Calender Year</a>';
$rma_month_issued=$_GET['month'];
$sql211010="SELECT * FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' AND rma_month_issued='$rma_month_issued' ORDER BY rma_date_issued";
$result211010=mysql_query($sql211010);
while($row211010=mysql_fetch_array($result211010)){
$content.='<a href="./acp_admincp.php?rma=calander&year='.$rma_year_issued.'&month='.$rma_month_issued.'&id='.$rma_id.'">'.$rma_number.'</a>
<br />';
}
}
}
}

 

The issue maybe the AND in the SQL query... however I need to be sure that the data pulled is of that specific month and that specific year. Not one or the other.

[kenrbnsn]

You are doing absolutely no error checking and no validation of your input paramenters. Never trust user data.

 

Here's how I would re-write your code:

<?php
elseif($_GET['rma']=="calender"){
$sql101010="SELECT DISTINCT rma_year_issued FROM $tbl_name4 WHERE rma_issued='y' ORDER BY rma_year_issued";
$result101010=mysql_query($sql101010);
while($row101010=mysql_fetch_array($result101010)){
	extract($row101010);
	$content.='<a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">'.$rma_year_issued.'</a>
	<br />';
}

if(isset($_GET['year'])){
	$content="";
	$logout.=' | <a href="./acp_admincp.php?rma=calender">Back to RMA Calender</a>';
	$rma_year_issued=int($_GET['year']);
	$sql111010="SELECT DISTINCT rma_month_issued FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' ORDER BY rma_month_issued";
	$result111010=mysql_query($sql111010) or die("Problem with the query: $$sql111010<br>" . mysql_error());
	$months = array('', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December');
	while($row111010=mysql_fetch_array($result111010)){
		$rma_months_issued2 = $months[$row111010['rma_month_issued']];
		$content.="<a href='./acp_admincp.php?rma=calander&year=$rma_year_issued&month=$rma_month_issued'>$rma_month_issued2</a><br />";
	}
	if(isset($_GET['month'])){
		$content="";
		$logout.=' | <a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">Back to RMA Calender Year</a>';
		$rma_month_issued=int($_GET['month']);
		$sql211010="SELECT * FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' AND rma_month_issued='$rma_month_issued' ORDER BY rma_date_issued";
		$result211010=mysql_query($sql211010) or die("Problem with the query: $sql211010<br>" . mysql_error());
		while($row211010=mysql_fetch_array($result211010)){
			$content.="<a href='./acp_admincp.php?rma=calander&year=$rma_year_issued&month=$rma_month_issued&id=$rma_id'>$rma_number</a><br />";
		}
	}
}
}
?>

 

Also, in the last loop, you're not using anything from the results of the query.

 

Ken

[HDFilmMaker2112]

Copied that... get the following:

 

Fatal error: Call to undefined function int() in /home/zyquo/public_html/ghosthuntersportal.com/acp_admincp.php on line 282

 

$rma_year_issued=int($_GET['year']);

 

I changed it to is_int(); and I get a blank page at ?rma=calender&year=2011

[kenrbnsn]

Sorry, it's

<?php
$rma_year_issued=(int)$_GET['year'];
?>

instead of

<?php
$rma_year_issued=int($_GET['year']);
?>

 

Ken

[HDFilmMaker2112]

Sorry, it's

<?php
$rma_year_issued=(int)$_GET['year'];
?>

instead of

<?php
$rma_year_issued=int($_GET['year']);
?>

 

Ken

 

Alright, changed that I'm still getting a blank page. When I went into the Page Source Code View, it shows the links it's just missing the month number and name, so the link isn't visible on the page.

 

I added:

 

extract($row111010);

 

Above:

 

$rma_months_issued2 = $months[$row111010['rma_month_issued']];

 

That got the month numbers in the links, but still no luck with the text to make the links visible.

[HDFilmMaker2112]

Sorry, it's

<?php
$rma_year_issued=(int)$_GET['year'];
?>

instead of

<?php
$rma_year_issued=int($_GET['year']);
?>

 

Ken

 

Alright, changed that I'm still getting a blank page. When I went into the Page Source Code View, it shows the links it's just missing the month number and name, so the link isn't visible on the page.

 

I added:

 

extract($row111010);

 

Above:

 

$rma_months_issued2 = $months[$row111010['rma_month_issued']];

 

That got the month numbers in the links, but still no luck with the text to make the links visible.

Alright, fixed that; it was with: $rma_months_issued2, should have been $rma_month_issued2.

 

Now I get the months listed, but when I click on one, it now goes to a blank page.

 

EDIT: Spelled Calender wrong in the month links.

[KevinM1]

Aside: you should really use clear, meaningful variable names.  Things like $sql101010 may seem clever or cool, but it hurts readability overall, which, in turn, reduces the chance that people will want to help you.  Variable names should give some context to what you're doing.

 

If that's actually supposed to be the 101,010'th sql query you have in that script, you're doing it wrong.

[HDFilmMaker2112]

Aside: you should really use clear, meaningful variable names.  Things like $sql101010 may seem clever or cool, but it hurts readability overall, which, in turn, reduces the chance that people will want to help you.  Variable names should give some context to what you're doing.

 

If that's actually supposed to be the 101,010'th sql query you have in that script, you're doing it wrong.

 

I just use differentiating variables to keep things separate. Notepad++ pretty keeps every thing easy to read for me. sql1, sql2, sql3, sql4, sql5, ect. at a quick glance look the same to me. So at a minimum I do sql1, sql20, sql300, ect. to make each subsequent variable longer, or make it different some other way.

 

Anyway, I'm now getting into the list after the months, but I'm not getting the $rma_id or $rma_number to generate the links properly.

[HDFilmMaker2112]

Last issue was because the variables weren't extracted.

 

Solved.

 

Thanks guys for the help. Finally a few hours away from actually launching this site.

[KevinM1]

Aside: you should really use clear, meaningful variable names.  Things like $sql101010 may seem clever or cool, but it hurts readability overall, which, in turn, reduces the chance that people will want to help you.  Variable names should give some context to what you're doing.

 

If that's actually supposed to be the 101,010'th sql query you have in that script, you're doing it wrong.

 

I just use differentiating variables to keep things separate. Notepad++ pretty keeps every thing easy to read for me. sql1, sql2, sql3, sql4, sql5, ect. at a quick glance look the same to me. So at a minimum I do sql1, sql20, sql300, ect. to make each subsequent variable longer, or make it different some other way.

 

That's why I said you should use meaningful variable names.  $sqlnumber has no meaning, regardless if its $sql1 or $sql101010.  The same goes for your table name - $tblname_4 means nothing.  What does is your query trying to access?  What does that particular table represent?  Good code is readable and semantic.  Long term, you're shooting yourself in the foot writing code like this, especially if you expect other people to read it.

 

Good luck reading this code a month from now and understanding what it's doing.

 

Anyway, I'm now getting into the list after the months, but I'm not getting the $rma_id or $rma_number to generate the links properly.

 

If I'm reading your code correctly, you need to either extract $row211010, or access the column data directly from that row (e.g., $row211010['rma_id']).  You'll need to do the same for $row111010.

[PFMaBiSmAd]

Alright, fixed that; it was with: $rma_months_issued2, should have been $rma_month_issued2

 

Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that php will help you by reporting and displaying all the errors it detects. You will save a TON of time.