Jump to content

issue with passing variables in URL.


Recommended Posts

The below works for ?rma=non-returned and &year=$year, however once it's get down to month it doesn't work. Everything seems to be in the proper brackets, but it's still not working. It goes to a blank page when month=$month is added to the URL. The URL looks like this : ?rma=calander&year=2011&month=5

elseif($_GET['rma']=="calender"){
$sql101010="SELECT DISTINCT rma_year_issued FROM $tbl_name4 WHERE rma_issued='y' ORDER BY rma_year_issued";
$result101010=mysql_query($sql101010);
while($row101010=mysql_fetch_array($result101010)){
extract($row101010);
$content.='<a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">'.$rma_year_issued.'</a>
<br />';
}

if(isset($_GET['year'])){
$content="";
$logout.=' | <a href="./acp_admincp.php?rma=calender">Back to RMA Calender</a>';
$rma_year_issued=$_GET['year'];
$sql111010="SELECT DISTINCT rma_month_issued FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' ORDER BY rma_month_issued";
$result111010=mysql_query($sql111010);
while($row111010=mysql_fetch_array($result111010)){
extract($row111010);
if($rma_month_issued=="1"){$rma_month_issued2="January";}
if($rma_month_issued=="2"){$rma_month_issued2="February";}
if($rma_month_issued=="3"){$rma_month_issued2="March";}
if($rma_month_issued=="4"){$rma_month_issued2="April";}
if($rma_month_issued=="5"){$rma_month_issued2="May";}
if($rma_month_issued=="6"){$rma_month_issued2="June";}
if($rma_month_issued=="7"){$rma_month_issued2="July";}
if($rma_month_issued=="8"){$rma_month_issued2="August";}
if($rma_month_issued=="9"){$rma_month_issued2="September";}
if($rma_month_issued=="10"){$rma_month_issued2="October";}
if($rma_month_issued=="11"){$rma_month_issued2="November";}
if($rma_month_issued=="12"){$rma_month_issued2="December";}
$content.='<a href="./acp_admincp.php?rma=calander&year='.$rma_year_issued.'&month='.$rma_month_issued.'">'.$rma_month_issued2.'</a>
<br />';
}
if(isset($_GET['month'])){
$content="";
$logout.=' | <a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">Back to RMA Calender Year</a>';
$rma_month_issued=$_GET['month'];
$sql211010="SELECT * FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' AND rma_month_issued='$rma_month_issued' ORDER BY rma_date_issued";
$result211010=mysql_query($sql211010);
while($row211010=mysql_fetch_array($result211010)){
$content.='<a href="./acp_admincp.php?rma=calander&year='.$rma_year_issued.'&month='.$rma_month_issued.'&id='.$rma_id.'">'.$rma_number.'</a>
<br />';
}
}
}
}

 

The issue maybe the AND in the SQL query... however I need to be sure that the data pulled is of that specific month and that specific year. Not one or the other.

Link to comment
Share on other sites

You are doing absolutely no error checking and no validation of your input paramenters. Never trust user data.

 

Here's how I would re-write your code:

<?php
elseif($_GET['rma']=="calender"){
$sql101010="SELECT DISTINCT rma_year_issued FROM $tbl_name4 WHERE rma_issued='y' ORDER BY rma_year_issued";
$result101010=mysql_query($sql101010);
while($row101010=mysql_fetch_array($result101010)){
	extract($row101010);
	$content.='<a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">'.$rma_year_issued.'</a>
	<br />';
}

if(isset($_GET['year'])){
	$content="";
	$logout.=' | <a href="./acp_admincp.php?rma=calender">Back to RMA Calender</a>';
	$rma_year_issued=int($_GET['year']);
	$sql111010="SELECT DISTINCT rma_month_issued FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' ORDER BY rma_month_issued";
	$result111010=mysql_query($sql111010) or die("Problem with the query: $$sql111010<br>" . mysql_error());
	$months = array('', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December');
	while($row111010=mysql_fetch_array($result111010)){
		$rma_months_issued2 = $months[$row111010['rma_month_issued']];
		$content.="<a href='./acp_admincp.php?rma=calander&year=$rma_year_issued&month=$rma_month_issued'>$rma_month_issued2</a><br />";
	}
	if(isset($_GET['month'])){
		$content="";
		$logout.=' | <a href="./acp_admincp.php?rma=calender&year='.$rma_year_issued.'">Back to RMA Calender Year</a>';
		$rma_month_issued=int($_GET['month']);
		$sql211010="SELECT * FROM $tbl_name4 WHERE rma_year_issued='$rma_year_issued' AND rma_month_issued='$rma_month_issued' ORDER BY rma_date_issued";
		$result211010=mysql_query($sql211010) or die("Problem with the query: $sql211010<br>" . mysql_error());
		while($row211010=mysql_fetch_array($result211010)){
			$content.="<a href='./acp_admincp.php?rma=calander&year=$rma_year_issued&month=$rma_month_issued&id=$rma_id'>$rma_number</a><br />";
		}
	}
}
}
?>

 

Also, in the last loop, you're not using anything from the results of the query.

 

Ken

Link to comment
Share on other sites

Sorry, it's

<?php
$rma_year_issued=(int)$_GET['year'];
?>

instead of

<?php
$rma_year_issued=int($_GET['year']);
?>

 

Ken

 

Alright, changed that I'm still getting a blank page. When I went into the Page Source Code View, it shows the links it's just missing the month number and name, so the link isn't visible on the page.

 

I added:

 

extract($row111010);

 

Above:

 

$rma_months_issued2 = $months[$row111010['rma_month_issued']];

 

That got the month numbers in the links, but still no luck with the text to make the links visible.

Link to comment
Share on other sites

Sorry, it's

<?php
$rma_year_issued=(int)$_GET['year'];
?>

instead of

<?php
$rma_year_issued=int($_GET['year']);
?>

 

Ken

 

Alright, changed that I'm still getting a blank page. When I went into the Page Source Code View, it shows the links it's just missing the month number and name, so the link isn't visible on the page.

 

I added:

 

extract($row111010);

 

Above:

 

$rma_months_issued2 = $months[$row111010['rma_month_issued']];

 

That got the month numbers in the links, but still no luck with the text to make the links visible.

Alright, fixed that; it was with: $rma_months_issued2, should have been $rma_month_issued2.

 

Now I get the months listed, but when I click on one, it now goes to a blank page.

 

EDIT: Spelled Calender wrong in the month links.

Link to comment
Share on other sites

Aside: you should really use clear, meaningful variable names.  Things like $sql101010 may seem clever or cool, but it hurts readability overall, which, in turn, reduces the chance that people will want to help you.  Variable names should give some context to what you're doing.

 

If that's actually supposed to be the 101,010'th sql query you have in that script, you're doing it wrong.

Link to comment
Share on other sites

Aside: you should really use clear, meaningful variable names.  Things like $sql101010 may seem clever or cool, but it hurts readability overall, which, in turn, reduces the chance that people will want to help you.  Variable names should give some context to what you're doing.

 

If that's actually supposed to be the 101,010'th sql query you have in that script, you're doing it wrong.

 

I just use differentiating variables to keep things separate. Notepad++ pretty keeps every thing easy to read for me. sql1, sql2, sql3, sql4, sql5, ect. at a quick glance look the same to me. So at a minimum I do sql1, sql20, sql300, ect. to make each subsequent variable longer, or make it different some other way.

 

Anyway, I'm now getting into the list after the months, but I'm not getting the $rma_id or $rma_number to generate the links properly.

Link to comment
Share on other sites

Aside: you should really use clear, meaningful variable names.  Things like $sql101010 may seem clever or cool, but it hurts readability overall, which, in turn, reduces the chance that people will want to help you.  Variable names should give some context to what you're doing.

 

If that's actually supposed to be the 101,010'th sql query you have in that script, you're doing it wrong.

 

I just use differentiating variables to keep things separate. Notepad++ pretty keeps every thing easy to read for me. sql1, sql2, sql3, sql4, sql5, ect. at a quick glance look the same to me. So at a minimum I do sql1, sql20, sql300, ect. to make each subsequent variable longer, or make it different some other way.

 

That's why I said you should use meaningful variable names.  $sqlnumber has no meaning, regardless if its $sql1 or $sql101010.  The same goes for your table name - $tblname_4 means nothing.  What does is your query trying to access?  What does that particular table represent?  Good code is readable and semantic.  Long term, you're shooting yourself in the foot writing code like this, especially if you expect other people to read it.

 

Good luck reading this code a month from now and understanding what it's doing.

 

Anyway, I'm now getting into the list after the months, but I'm not getting the $rma_id or $rma_number to generate the links properly.

 

If I'm reading your code correctly, you need to either extract $row211010, or access the column data directly from that row (e.g., $row211010['rma_id']).  You'll need to do the same for $row111010.

Link to comment
Share on other sites

Alright, fixed that; it was with: $rma_months_issued2, should have been $rma_month_issued2

 

Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that php will help you by reporting and displaying all the errors it detects. You will save a TON of time.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.