BrinkJ Posted October 23, 2014

Could someone please help me out here? I've been using the code below in some of my WordPress pages, but I've looked at it so long ago that I honestly can't remember how to debug it - go figure... The only thing that changed was the database.

It works like this:

- URL has parameter called id in this form: http://example.com/post?id=...
- Code checks if param is present, otherwise it redirects home.
- If the param is present, code gets the ID and compares it to the records in the MySQL database hosted by my ISP.
- Match gets used in an echo statement.
- A div on the page is activated.

Database Layout:

```
+-------+------------+------------+------------+------------+---------------+
| id    | Naam       | Metgesel   | Kind1      | Kind2      | Email         |
+-------+------------+------------+------------+------------+---------------+
| abc12 | Bobby      | Caily      | *          | *          | b@example.com |
| ...   | ...        | ...        | ...        | ...        | ...           |
+-------+------------+------------+------------+------------+---------------+
```

ERROR ENCOUNTERED:

```
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/.../public_html/wp-content/plugins/insert-php-code-snippet/shortcode-handler.php(32) : eval()'d code on line 4
Invalid or no security key!
```

Code:

```html
<script>
function invite(){
    document.getElementById('invite').style.display=(document.getElementById('invite').style.display=='block')?'none':'block';
}
</script>
<script>
function returnHome(){
    setTimeout(function () {window.location.href = 'http://example.com';},2000);
}
</script>
```

```php
$part = $_REQUEST['id'];
if(isset($_GET["id"])){
    $query = sprintf("SELECT * FROM `DATABASE`.`TABLE` WHERE idquack='$part'",
        mysql_real_escape_string($query));
    $result = mysql_query($query);
    if (!$result) {
        $message = 'Invalid or no security key!';
        die($message);
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            if ($row['Metgesel'] != "*"){
                if ($row['Metgesel'] == "#"){
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>";
                    }
                } else{
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>";
                    }
                }
            } else {
                echo '<h1>' . $row['Naam'] . "</h1>";
            }
            echo '<script>invite();</script>';
        }
    }
    mysql_free_result($result);
} else{
    echo 'Hold on tight - we\'re taking you to safety!';
    echo '<script>returnHome();</script>';
}
```

ginerjm Posted October 23, 2014

That error indicates you either did not establish a connection to your database

Barand Posted October 23, 2014 (Solution)

Try

```php
if(isset($_GET["id"])){
    $query = sprintf("SELECT * FROM `DATABASE`.`TABLE` WHERE idquack='%s'",
        mysql_real_escape_string($part));
```

BrinkJ Posted October 23, 2014 (Author)

Both of your answers combined gave me the result, thank you! This is my final coding:

```php
$part = $_REQUEST['id'];
if(isset($_GET["id"])){
    $conn = mysql_connect("localhost","USERNAME","PASSWORD");
    mysql_select_db("DATABASE",$conn);
    $query = sprintf("SELECT * FROM `quack` WHERE idquack='%s'",
        mysql_real_escape_string($part));
    $result = mysql_query($query);
    if (!$result) {
        $message = 'Invalid or no security key!';
        die($message);
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            if ($row['Metgesel'] != "*"){
                if ($row['Metgesel'] == "#"){
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>";
                    }
                } else{
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>";
                    }
                }
            } else {
                echo '<h1>' . $row['Naam'] . "</h1>";
            }
            echo '<script>invite();</script>';
        }
    }
    mysql_free_result($result);
} else{
    echo "'n Fout het voorgekom! Jammer daarvoor. Jy sal nou na die tuisblad geneem word.";
    echo '<script>returnHome();</script>';
}
```

ginerjm Posted October 23, 2014

I'll never understand why people use sprint(f) to build a query string.

QuickOldCar Posted October 24, 2014 (edited)

Or check for $_REQUEST and use $_GET.

For one you should first see if $_GET["id"] is set, also not empty before you define a variable to it.

```php
$part = $_REQUEST['id'];
if(isset($_GET["id"])){
```

```php
if( isset($_GET['id']) && trim($_GET['id']) != '' && ctype_alnum($_GET['id']) ) {
    //is this supposed to be alphanumeric? make sure it is one
    $part = trim($_GET['id']);
} else {
    //stop from continuing the script
    die('stop right there is nothing more to do!!!');
}
```

Edited October 24, 2014 by QuickOldCar

QuickOldCar Posted October 24, 2014

I wish we had a button for what I am about to write next....

You should not be using deprecated mysql_* functions, instead use PDO or mysqli_* functions.
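
As an added example (not code from any poster in this thread), here is the same lookup done the way the last two posts suggest: the `id` value is validated, then bound to a PDO prepared statement instead of being formatted into the SQL string. The function names `lookupInvite` and `inviteHeading`, the 32-character limit, the sample row and the in-memory SQLite database standing in for the ISP's MySQL server are assumptions made for the example.

```php
<?php
declare(strict_types=1);

function lookupInvite(PDO $db, $rawId): ?array
{
    // ?id[]=x makes $_GET['id'] an array, so require a short alphanumeric string first.
    if (!is_string($rawId) || !preg_match('/\A[A-Za-z0-9]{1,32}\z/', $rawId)) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text; no escaping call is needed.
    $stmt = $db->prepare('SELECT Naam, Metgesel, Kind1, Kind2 FROM quack WHERE idquack = :id');
    $stmt->execute([':id' => $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function inviteHeading(array $row): string
{
    // Same rules as the thread's code: '*' means absent, '#' prints the word "Metgesel".
    $names = [$row['Naam']];
    if ($row['Metgesel'] !== '*') {
        $names[] = $row['Metgesel'] === '#' ? 'Metgesel' : $row['Metgesel'];
        foreach (['Kind1', 'Kind2'] as $col) {
            if ($row[$col] === '*') {
                break;
            }
            $names[] = $row[$col];
        }
    }
    $last = array_pop($names);
    $text = $names ? implode(', ', $names) . ' en ' . $last : $last;
    // Database values are encoded before they reach the page.
    return '<h1>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Constructed sample data; SQLite in memory is an assumption so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quack (idquack TEXT PRIMARY KEY, Naam TEXT, Metgesel TEXT, Kind1 TEXT, Kind2 TEXT)');
$db->exec("INSERT INTO quack VALUES ('abc12', 'Bobby', 'Caily', '*', '*')");

// A valid key, an array (as produced by ?id[]=abc12) and a key containing a quote.
foreach (['abc12', ['abc12'], "abc'12"] as $id) {
    $row = lookupInvite($db, $id);
    echo $row ? inviteHeading($row) : 'Invalid or no security key!', "\n";
}
```

Against MySQL, the same functions work with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.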