BrinkJ Posted October 23, 2014 Share Posted October 23, 2014 Could someone please help me out here? I've been using the code below in some of my WordPress pages, but I've looked at it so long ago that I honestly can't remember how to debug it - go figure... The only thing that changed was the database. It works like this: URL has parameter called id in this form: http://example.com/post?id=... Code checks if param is present, otherwise it redirects home. If the param is present, code gets the ID and compares it to the records in the MySQL database hosted by my ISP. Match gets used in an echo statement. A div on the page is activated. Database Layout: +-------+------------+------------+------------+------------+---------------+ | id | Naam | Metgesel | Kind1 | Kind2 | Email | +-------+------------+------------+------------+------------+---------------+ | abc12 | Bobby | Caily | * | * | [email protected] | | ... | ... | ... | ... | ... | ... | +-------+------------+------------+------------+------------+---------------+ ERROR ENCOUNTERED: Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/.../public_html/wp-content/plugins/insert-php-code-snippet/shortcode-handler.php(32) : eval()'d code on line 4 Invalid or no security key! Code: <script> function invite(){ document.getElementById('invite').style.display=(document.getElementById('invite').style.display=='block')?'none':'block'; } </script> <script> function returnHome(){ setTimeout(function () {window.location.href = 'http://example.com';},2000); } </script> $part = $_REQUEST['id']; if(isset($_GET["id"])){ $query = sprintf("SELECT * FROM `DATABASE`.`TABLE` WHERE idquack='$part'", mysql_real_escape_string($query)); $result = mysql_query($query); if (!$result) { $message = 'Invalid or no security key!'; die($message); } else { while ($row = mysql_fetch_assoc($result)) { if ($row['Metgesel'] != "*"){ if ($row['Metgesel'] == "#"){ if ($row['Kind1'] != "*"){ if ($row['Kind2'] != "*"){ echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>"; } else { echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>"; } } else { echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>"; } } else{ if ($row['Kind1'] != "*"){ if ($row['Kind2'] != "*"){ echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>"; } else { echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>"; } } else { echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>"; } } } else { echo '<h1>' . $row['Naam'] . "</h1>"; } echo '<script>invite();</script>'; } } mysql_free_result($result); } else{ echo 'Hold on tight - we're taking you to safety!'; echo '<script>returnHome();</script>'; } Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/ Share on other sites More sharing options...
ginerjm Posted October 23, 2014 Share Posted October 23, 2014 That error indicates you either did not establish a connection to your database Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/#findComment-1494534 Share on other sites More sharing options...
Barand Posted October 23, 2014 Share Posted October 23, 2014 Try if(isset($_GET["id"])){ $query = sprintf("SELECT * FROM `DATABASE`.`TABLE` WHERE idquack='%s'", mysql_real_escape_string($part)); Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/#findComment-1494536 Share on other sites More sharing options...
BrinkJ Posted October 23, 2014 Author Share Posted October 23, 2014 Both of your answers combined gave me the result, thank you! This is my final coding: $part = $_REQUEST['id']; if(isset($_GET["id"])){ $conn = mysql_connect("localhost","USERNAME","PASSWORD"); mysql_select_db("DATABASE",$conn); $query = sprintf("SELECT * FROM `quack` WHERE idquack='%s'", mysql_real_escape_string($part)); $result = mysql_query($query); if (!$result) { $message = 'Invalid or no security key!'; die($message); } else { while ($row = mysql_fetch_assoc($result)) { if ($row['Metgesel'] != "*"){ if ($row['Metgesel'] == "#"){ if ($row['Kind1'] != "*"){ if ($row['Kind2'] != "*"){ echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>"; } else { echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>"; } } else { echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>"; } } else{ if ($row['Kind1'] != "*"){ if ($row['Kind2'] != "*"){ echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>"; } else { echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>"; } } else { echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>"; } } } else { echo '<h1>' . $row['Naam'] . "</h1>"; } echo '<script>invite();</script>'; } } mysql_free_result($result); } else{ echo ''n Fout het voorgekom! Jammer daarvoor. Jy sal nou na die tuisblad geneem word.'; echo '<script>returnHome();</script>'; } Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/#findComment-1494544 Share on other sites More sharing options...
ginerjm Posted October 23, 2014 Share Posted October 23, 2014 I'll never understand why people use sprint(f) to build a query string. Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/#findComment-1494548 Share on other sites More sharing options...
QuickOldCar Posted October 24, 2014 Share Posted October 24, 2014 Or check for $_REQUEST and use $_GET For one you should first see if $_GET["id"] is set, also not empty before you define a variable to it. $part = $_REQUEST['id']; if(isset($_GET["id"])){ if( isset($_GET['id']) && trim($_GET['id']) != '' && ctype_alnum($_GET['id']) ) { //is this supposed to be alphanumeric? make sure it is one $part = trim($_GET['id']); } else { //stop from continuing the script die('stop right there is nothing more to do!!!'); } Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/#findComment-1494559 Share on other sites More sharing options...
QuickOldCar Posted October 24, 2014 Share Posted October 24, 2014 I wish we had a button for what am about to write next.... You should not be using deprecated mysql_* functions, instead use PDO or mysqli_* functions Link to comment https://forums.phpfreaks.com/topic/292020-php-code-to-get-mysql-row-from-url-param/#findComment-1494561 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.