PHP dynamic link generating a random page instead of specific page

[Rogue3]

Part of my site still runs on an older CMS (PHP Nuke) so that our archived articles can still be accessed. To access them, we have an archive page that archives the articles by month. I recently upgraded our server to PHP 5.6 (from 5.3) and it broke some of the older Nuke code. Nothing major, just little things here and there. One of them was how the monthly archives are loading. When you click on a link to the month it will bring up the correct month but the year is completely random. It will pull up years before the internet even around! I suspect there is something in the result code causing this, but I'm not sure what to change or try to get it to properly identify the year. 

 

Here is the current result call:

$result = $db->sql_query('SELECT aid, informant, sid, catid, title, hometext, time, comments, counter, topic, alanguage, score, ratings from '.$prefix.'_stories WHERE time >= \''.$year.'-'.$month.'-01 00:00:00\' AND time <= \''.$year.'-'.$month.'-31 23:59:59\' order by sid DESC'); 

I anyone has any suggestions I'm all ears! I can provide more code if it looks like this isn't the culprit, or even the entire function. 

 

The generated link looks like this: modules.php?name=Archives&sa=show_month&year=2013&month=01&month_l=January

 

The year in the generated link is always correct. It's the content on the page that is incorrect. 

[Psycho]

Well, that appears to be "a" query that pulls records based on a date and/or time. I will assume it is the one returning the results that are unexpected.

WHERE time >= \''.$year.'-'.$month.'-01 00:00:00\' AND time <= \''.$year.'-'.$month.'-31 23:59:59\'

So, two questions:

 

1. What type of field is 'time' in your database. It doesn't appear to be an actual 'time' type since the query is including dates. I suspect it is eaither a timestamp or a datetime field.

 

2. Where are $year and $month defined? I suspect the logic to define $year is the likely culprit.

 

Also, you can improve that query. Rather than using single quotes to define the string and having to escape single quotes within it, use double quotes to define the string, so you don't have to escape. This has the added benefit of not having to "exit" the string to add variables. Also, I would suggest defining the string separately using structure to "see" the query better. And, lastly, you can simplify the WHERE condition:

$query = "SELECT aid, informant, sid, catid, title, hometext, time,
                 comments, counter, topic, alanguage, score, ratings
          FROM {$prefix}_stories
          WHERE YEAR(time) = {$year}
            AND MONTH(time) = {$month}
          ORDER BY sid DESC'
$result = $db->sql_query($query);

[Rogue3]

I tried updating the query string as suggested, but that did not work. Perhaps the problem lies deeper in the code. Just to note, this did function properly before moving from 5.3 to 5.6. I don't know if that helps point to possible changes in the language. 

 

Here's the full code for that page:

https://pastebin.com/X8Fw3qEp

 

Here's a link to the page generating the 'random' years:

http://www.jeditemplearchives.com/archives/  --> Note: Any link pre-June 2017. After that, it uses Wordpress for the archives.

[requinix]

show_month($year, $month, $month_l);

Where are those variables coming from? If your answer is "the URL" then no, variables aren't created magically from the URL anymore and you must use $_GET.

[Psycho]

I tried updating the query string as suggested, but that did not work. Perhaps the problem lies deeper in the code. Just to note, this did function properly before moving from 5.3 to 5.6. I don't know if that helps point to possible changes in the language.

 

I only advised improving your query as a side comment. Here is where I stated your problem likely was:

2. Where are $year and $month defined? I suspect the logic to define $year is the likely culprit.