Jump to content

php and mysql question

williamh69

By williamh69
in PHP Coding Help

 Share

Recommended Posts

williamh69 Member

williamh69

Posted
Posted

Hi guys, thank you for all your help i really appreciated. I have my website, www.sparklenshinecs.com, and i am trying to do a SEO on it. However when I run a seo report appears two different lines of code as follow

 

http://www.sparklenshinecs.com/index.php?content=paginas&cat=7

 

and

 

http://www.sparklenshinecs.com/index.php?content=paginas&cat=7

 

 

if I run the first  link it gives me the following error on the page:

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/content/10/9601510/html/paginas.inc.php on line 7

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/content/10/9601510/html/paginas.inc.php on line 38

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/content/10/9601510/html/paginas.inc.php on line 56

 

and  if I run the second link: it gives me the normal page.

 

Someone can please explain me whats going on, and how I avoid those warnings.

 

 

 
Link to comment
Share on other sites
bsmither Member

bsmither

Posted
Posted (edited)

This:

http://www.sparklenshinecs.com/index.php?content=paginas&cat=7

is a URL encoded variant of this:

http://www.sparklenshinecs.com/index.php?content=paginas&cat=7

The character & is encoded to its html entity equivalent &

 

Technically, when a script wants to paste a URL into the HTML output, such as the value of a text type form element, validation will agree with the encoded variant. Note that the browser will display all the HTML entities as their single character version.

 

So, I think whatever script is creating these URLs, it is mistaking the intended place in the HTML: actual links, such as for images, or informational areas.

 

Or, whatever is scanning your site for SEO-ness, is not discriminating between the two purposes.

 

When PHP splits the querystring into the GET array, there will be $_GET['amp;cat'] that equals '7'.

 

When your script tries to use $_GET'cat'], which is not set, your query will fail.

 

Not having tested for the response from the database for a possible bad query - a boolean false (you are probably assuming the result from the mysql_query() call will always be a valid resource), the mysql_fetch_array() call will throw an error.

Edited by bsmither
Link to comment
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted (edited)

the first form isn't actually a url/link, it's the html markup you would output on a web page for a url. the browser renders the & as an & and when you click on that, it should submit correctly as the second version of the link you posted.
 
the reason for the errors are because your query is failing, due to an error, and you are not testing if the query actually ran before trying to use the result from the query, most likely because $_GET['cat'] is being used in the query as a numerical value, but it doesn't exist at all, let alone being a valid integer representing a cat value, for the first form.

 

you ALWAYS need to validate external data before using it. if your code requires a $_GET['cat'] value and one hasn't been submitted, your code should either use a default value or prevent the remainder of the code that is dependent on having a valid $_GET['cat'] from even running.

 

you should also ALWAYS test if your queries run without any errors before trying to use the data you expect from your queries.

Edited by mac_gyver
Link to comment
Share on other sites
williamh69 Member

williamh69

Posted
  • Author
Posted

thank you, i re-wrote the code....this is what i have now

<?php

$menu_id = $_GET['cat'];

$sql = mysql_query("SELECT * from paginas WHERE menu_id=$menu_id");
if(mysql_num_rows($sql)>0) {
while($row = mysql_fetch_array($sql))
{

      $title = $row['title'];
      $sub_title = $row['sub_title'];
      $content = $row['content'];

             $title_tag= str_replace(' . ',' | ',$row['title_tag']);
             $keywords= $row['keywords'];
             $description= $row['description'];


echo "<title>$title_tag</title>";

echo"<meta name='keywords' content='$keywords'>";

echo"<meta name='description' content='$description'></br>";
}


echo"<h1>$title</h1>";

echo"<h2>$sub_title</h2>";
echo"<p>$content</p>";
}

  else {
  echo "No results found!";
}
?>

what you think?

Link to comment
Share on other sites
fastsol Regular Member

fastsol

Posted
Posted

Better, should work for your needs.  Last thing, if the $_GET['cat'] is ALWAYS supposed to be a full integer, for security purposes it would be best to cast the value to an integer so that no matter what someone tries to enter as the cat it will always return a integer or 0.

$menu_id = (int)$_GET['cat'];
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.