
variable not passing second time


turpentyne


I'm trying to redo a page from scratch, and simplify things. I've gotten a "beginner-stumping" error.

 

It's a page where the user makes a selection from a form with fields generated by a database. Then the page reloads, with the php determining which options to pull from the database, based on which category they last chose.

 

It loops through the first time, and works fine. But the second time, I get an error:

 

"You have an error in your SQL syntax; ... near 'ORDER BY tbl_components.component_category' at line 6"

I echoed the query and I see it's not carrying over the $var that second time the page reloads:

 

"SELECT ....... AND tbl_component_categories.ID = ORDER BY tbl_components.component_category"

 

Considering it worked on first selection, I'm kind of stumped. I did run the queries in MySQL just to make sure they work, and they do.

Not sure where I'm getting it wrong.

 

<?php 
session_start();

if(!isset($_SESSION['options_picked'])){
$_SESSION['options_picked'] = array();
} 

if (!isset($_POST['chosen'])) {


$var = "4";


} elseif(isset($_POST['chosen'])) {

array_push($_SESSION['options_picked'],$var);

// below section is hard coded for the moment.
// Later, when other things figured out, maybe I query the database for categories and category id, then I can loop to create the below statements
// so it would be like: if post == 'row[x] { var =  row[y];} etc.

if((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Buttstocks')){ $var = "1";
} 
// here's the loop that determines what they selected. the first one above works fine
elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Accessory_rail_mounts')){$var = "11";}
// the second one, above, is where I suddenly get an error.
elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Caliber')){$var = "2";}
elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Barrel_length')){$var = "10";}
elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Suppressors')){$var = "9";}

echo "cat= ".$_POST['what_category'];
echo "var= ".$var;

}


include("../builder-test-code/dbc.php");

// query here
$query  = "SELECT tbl_component_categories.ID, tbl_component_categories.folder_path, tbl_component_categories.comp_cat_name, tbl_components.component_name, tbl_components.image_filepath, tbl_components.component_category

FROM tbl_components

JOIN tbl_component_categories ON tbl_components.component_category = tbl_component_categories.ID AND tbl_component_categories.ID = $var
ORDER BY tbl_components.component_category";
$result = mysql_query($query)
or die(mysql_error());



// create templates
// CF: Using sprintf () and templates makes things a whole lot easier to read.
$ExpandTemplate = <<<OutHTML
<div id="%1\$s" style="width:550px;padding-top:20px;">

<!-- <a class='select-toggler' href="javascript:showHide('%2\$s-expander');"> this was the old thing -->


<img style="position:relative;top:-2px;" src="images/structural/red-plus.gif" /> %1\$s <!--</a>--><br>
<div id="%2\$s-expander" style="float:left;padding-right:25px;" width="90">
OutHTML;


$ExpandImageTemplate = <<<OutHTML
<div style='width:140px;padding:10px;float:left;'> %4\$s <br>
<form action="" method="post">
<button type="submit" name="chosen" id="chosen" value="%4\$s">
<input type="hidden" name="what_category" value="%2\$s">
<img src="%3\$s" width="147" height="34" alt="image to come" title="choice" />
</button>

<!-- this hidden field is what I can use to determine what category, I compare it to -->
</form>


</div> 
OutHTML;

$ExpandImageTafter = <<<OutHTML
</div></div>
OutHTML;

$Output = '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Build my rifle</title>
</head>

<body>
<div><!-- where the original image at top of page will go -->

';

//output section and sprintf

while ($row = mysql_fetch_assoc ($result)) {

if ($category != $row['component_category']) {
$category = $row['component_category'];	
if (!$firstime) {

$Output .= '</div><br><br>';

} else {
$firstime = true;
}


//CF: Changed output to be stored in a temp variable, as well as adding output escaping to prevent XSS etc.
$Output .= sprintf ($ExpandTemplate, htmlspecialchars ($row['comp_cat_name']), htmlspecialchars ($row['folder_path']));
}

//CF: Changed output to be stored in a temp variable, as well as adding output escaping to prevent XSS etc.
$Output .= sprintf ($ExpandImageTemplate, htmlspecialchars ($row['comp_cat_name']),htmlspecialchars ($row['folder_path']),htmlspecialchars ($row['image_filepath']),htmlspecialchars ($row['component_name']));

// when I get a chance, I need to figure out how to escape the /s in the image_filepath in code line above. It wasn't working when it was written: htmlspecialchars (rawurlencode($row['image_filepath'])). it just put %s

}


?>



<?php

echo $Output;

?>


</body>
</html>

Link to comment
Share on other sites

holy cow! I'm not seeing it.

 

I can tell you're alluding to something obviously easy. I tabbed everything, and eliminated the div tags because they're irrelevant to this version and were confusing me. I double checked brackets and they appear to be all closed. I'm not seeing anything in the logic that's wrong. I'm just not seeing it.

 

Maybe, give me another hint?

 

Link to comment
Share on other sites

If you look at this part here:

if (!isset ($_POST['chosen'])) {
$var = "4";
} elseif (isset ($_POST['chosen'])) {
array_push ($_SESSION['options_picked'], $var);

You can see that you're trying to push the variable onto the $_SESSION array, without having it defined first. So if none of the predefined categories are selected, $var will be undefined and cast to an empty string when used in the query.

I assumed this was because you mistakenly believed it was being set above, due to the lack of indenting.

 

PS: I also recommend moving the HTML header, doctype and all that out of the $output variable. It doesn't need to be there, after all. ;)

 

PPS: You need to validate input, and escape the output in your SQL queries.

Link to comment
Share on other sites

oh no.... :-[

 

That left me more in the dark. I've made a correction to that session variable, because it wasn't even setting from the variable I wanted. My fault, I was trying to work through this last night to come up with a new solution

 

and still have the problem.

 

Here's what I have now in that section of the code. Everything seems fine but the $var is still not setting the second time.

 

I'm so sorry I'm not getting this stuff.

 

Also, I know I need to take care of security. I'm just trying to get the basic goal finished before I tackle that.

 



if(!isset($_SESSION['options_picked'])){
$_SESSION['options_picked'] = array();
} 

if (!isset($_POST['chosen'])) {

$var = "4";

} 

elseif(isset($_POST['chosen'])) {

$choicetest = $_POST['chosen'];
	echo "and ".$choicetest;

array_push($_SESSION['options_picked'],$choicetest);
// supposed to be this and not $var.

 	if((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Buttstocks')){ 
 	$var = "1";
 	} 
 	elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Accessory_rail_mounts')){
 	$var = "11";
 	}
 	elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Caliber')){
 	$var = "2";
 	}
 	elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Barrel_length')){
 	$var = "10";
 	}
 	elseif((isset($_POST['what_category'])) && ($_POST['what_category'] == 'Suppressors')){
 	$var = "9";
	 	}


echo "cat= ".$_POST['what_category'];
echo "var= ".$var;


}

 

 

 

 

Link to comment
Share on other sites

As far as I can see $var is still not being set, unless one of the IF-tests checks out true. Which means that it's highly likely that they don't.

I'd run a var_dump () on the contents of the $_POST array, and see what it contains. Also, run a test of invalid categories, before running the loop. That way you control what should be done, and not the database driver. ;)

 

PS: I'd use the value from the database as the value for the categories, and not base it upon the name. Or, if that's not viable, use an array of key->value bindings and check against it for validation.

Example of the latter:

$categories = array ('Suppressors' => 9, 'Buttstocks' => 1);
if (!isset ($categories[$_POST['category']])) {
    // Invalid category selected, show warning and return.
}

$var = $categories[$_POST['category']];

Link to comment
Share on other sites
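The allow-list lookup suggested in the last reply, combined with a bound query parameter, as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database (constructed sample rows) in place of the thread's mysql_* connection; the function names resolveCategoryId and fetchComponents are hypothetical.

```php
<?php
// Added example. Category names/IDs are the ones hard-coded in the original post.
const DEFAULT_CATEGORY_ID = 4;            // the thread's initial $var = "4"
const CATEGORY_IDS = [
    'Buttstocks' => 1, 'Caliber' => 2, 'Suppressors' => 9,
    'Barrel_length' => 10, 'Accessory_rail_mounts' => 11,
];

// Returns an int ID, or null when the posted value is not on the allow-list.
// It never returns an empty string, so the SQL cannot become "ID = ORDER BY".
function resolveCategoryId(array $post): ?int
{
    if (!isset($post['chosen'])) {
        return DEFAULT_CATEGORY_ID;       // first page load, nothing chosen yet
    }
    $name = $post['what_category'] ?? null;
    if (!is_string($name) || !array_key_exists($name, CATEGORY_IDS)) {
        return null;
    }
    return CATEGORY_IDS[$name];
}

function fetchComponents(PDO $db, int $categoryId): array
{
    // The ID is bound as a parameter rather than interpolated into the SQL.
    $stmt = $db->prepare(
        'SELECT c.component_name, cat.comp_cat_name
           FROM tbl_components c
           JOIN tbl_component_categories cat ON c.component_category = cat.ID
          WHERE cat.ID = :id
          ORDER BY c.component_category'
    );
    $stmt->bindValue(':id', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_component_categories (ID INTEGER, comp_cat_name TEXT)');
$db->exec('CREATE TABLE tbl_components (component_name TEXT, component_category INTEGER)');
$db->exec("INSERT INTO tbl_component_categories VALUES (1,'Buttstocks'),(9,'Suppressors')");
$db->exec("INSERT INTO tbl_components VALUES ('Stock A',1),('Can B',9)");
foreach ([['chosen' => 'x', 'what_category' => 'Suppressors'],
          ['chosen' => 'x', 'what_category' => 'Suppresors']] as $post) { // 2nd is misspelled
    $id = resolveCategoryId($post);
    echo $id === null ? "rejected\n" : json_encode(fetchComponents($db, $id)) . "\n";
}
```

The misspelled category in the second constructed request is the case that left $var unset in the thread; here it is rejected before any SQL is built.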
