hempknight Posted May 20, 2007

hey ppl.. i'm sure the answer is out there somewhere but..i'm really short on time..need to finish this website by the 21st of may..and i'm stuck

my issue relates to a bands database that has some names like D'Opus & Roshambo..now when i run my bands.php script that gets the info from the dbase and dynamically makes a table to store the info... it takes the band name as a variable..

i have used the scripts for making the entries listed under the letter they begin with..i think it's on this page: http://www.phpfreaks.com/tutorials/146/0.php and also some code from DMXforums that hid a field from showing in the table if it was empty..

most of the bands work fine except those with ' and & won't show anything.. the band variable that holds the name being searched for by the band.php script is always just the first letter not the full band name like with the others..

i've included all of the code if anyone wants to see.. and yes i know it's not indented and messy..

the code for script that lists all the bands in the Dbase alpha sorted with hyperlinks to their details...

```php
<body bgcolor="#000000" text="#FFFFFF">
<center>
<?php
$link = mysql_connect("localhost", "*****", "*****");
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("mitact_mitact");
if (!$db_selected) {
    die ('Can\'t use foo : ' . mysql_error());
}
?>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="get">
<select name ="genre">
<option value ="" <?php if(empty($_GET["genre"])) echo 'selected="selected"';?>>Any Genre</option>
<?php
$result = mysql_query("SELECT `gid`,`name` FROM `Bands_Genre` ORDER BY `name` ASC");
while ($row = mysql_fetch_array($result)) {
?>
<option value ="<?php echo $row["gid"]; ?>" <?php if($_GET["genre"] === $row["gid"]) echo 'selected="selected"';?>><?php echo $row["name"]; ?></option>
<?php
}
mysql_free_result($result);?>
</select>
<select name ="type">
<option value ="" <?php if(empty($_GET["type"])) echo 'selected="selected"';?>>Any Type</option>
<option value ="Original" <?php if($_GET["type"] === "Original") echo 'selected="selected"';?>>Original</option>
<option value ="Covers" <?php if($_GET["type"] === "Covers") echo 'selected="selected"';?>>Covers</option>
<option value ="Both" <?php if($_GET["type"] === "Both") echo 'selected="selected"';?>>Both</option>
</select>
<input type="submit" value="Search"/>
<input type="reset" value="Reset"/>
</form>
<?php
$db_selected = mysql_select_db("mitact_mitact");
if (!$db_selected) {
    die ('Can\'t use foo : ' . mysql_error());
}
//genre filter
$genre = "TRUE"; //any genre
if(!empty($_GET["genre"])) {//not any genre
    $gid = intval($_GET["genre"]);
    $genre = "`Bands_Confirmed`.`genre1`='$gid' OR `Bands_Confirmed`.`genre2`='$gid' OR `Bands_Confirmed`.`genre3`='$gid'";
    /*
    $result = mysql_query("SELECT `gid` FROM `Bands_Genre` WHERE `name`='$_GET[genre]'");
    if (!$result) {
        die('Invalid query: ' . mysql_error());
    }
    if ($row = mysql_fetch_array($result)) {
        $genre = "`Bands_Confirmed`.`genre1`='$row[gid]' OR `genre2`='$row[gid]' OR `genre3`='$row[gid]'";
    }else
        $genre = "TRUE";
    mysql_free_result($result);*/
}
//type filter
$type = "TRUE";//any genre
if(!empty($_GET["type"])) {
    $type = "`type`='$_GET[type]'";
}
$result = mysql_query("SELECT `Bands_Confirmed`.`bandname` FROM `Bands_Confirmed` WHERE ($genre) AND ($type) ORDER BY `bandname` ASC");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
$letterlinks = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
echo '<a name="#top"></a>';
echo '<a href="#number">0-9</a> ';
for ($i = 0; $i < 37; $i++):
    echo '<a href="#'.$letterlinks[$i].'">'.$letterlinks[$i].'</a> ';
endfor;
while ($list = mysql_fetch_object($result)):
    $letter = strtoupper(substr($list->bandname, 0, 1));
    if ($prev_row != '0-9' && is_numeric($letter)):
        echo '<br /><a name="number"></a><b><you>0-9</you></b> ';
        echo '<a href="#top"><i>goto top</i></a><br />';
        $prev_row = '0-9';
    endif;
    if ($letter != $prev_row && !is_numeric($letter)):
        echo '<br /><a name="'.$letter.'"></a><b><you>'.$letter.'</you></b> ';
        echo '<a href="#top"><i>goto top</i></a><br />';
        $prev_row = $letter;
    endif;
    $band="$list->bandname";
    //addcslashes($band,"'");
    htmlspecialchars($band);
    echo $band;
    echo "<a href='band.php?band=$band'>$list->bandname</a><br/>";
endwhile;
mysql_free_result($result);
mysql_close($link);
?>
</center>
```

the bands script that actually gets the name of the band that you clicked from the list and shows the details...

```php
<body bgcolor="#000000" text="#FFFFFF">
<table width="500" border="1" bordercolor="#FFFFFF">
<?php
$link = mysql_connect("localhost", "****", "****");
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("mitact_mitact");
if (!$db_selected) {
    die ('Can\'t use foo : ' . mysql_error());
}
$genre = null;
$result = mysql_query("SELECT * FROM `Bands_Genre`");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
while ($row = mysql_fetch_array($result)) {
    $genre[$row["gid"]] = $row["name"];
}
mysql_free_result($result);
$result = mysql_query("SELECT * FROM `Bands_Confirmed` WHERE `bandname` = '". urldecode($_GET["band"]) ."'");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
addslashes($result);
while ($row = mysql_fetch_array($result)) {//while fetch BEGINS
?>
<tbody>
<tr>
  <td colspan="2">
    <h2><?php echo $row["bandname"];?></h2>
  </td>
</tr>
<tr>
  <td colspan="2">
    <ul>
      <li>Genre 1: <?php echo $genre[$row["genre1"]];?></li>
      <?php if ($genre[$row["genre2"]]<>"") {echo'<li>Genre 2:',$genre[$row["genre2"]],'</li>';}?>
      <?php if ($genre[$row["genre3"]]<>"") {echo '<li>Genre 3:',$genre[$row["genre3"]],'</li>';}?>
      <li>Original music, Covers or Both: <?php echo $row["type"];?></li>
    </ul>
  </td>
</tr>
<tr>
  <td colspan="2">
    <div>
      <dl>
        <dt><?php echo $row["contact1"];?></dt>
        <?php if ($row["contact1number"]<>"") {echo '<dd>',$row["contact1number"],'</dd>';}?>
        <dd><?php echo $row["email1"];?></dd>
        <dt><?php echo $row["contact2"];?></dt>
        <dd><?php echo $row["contact2number"];?></dd>
        <dd><?php echo $row["email2"];?></dd>
        <?php if ($row["managerdetails"]<>"") {echo '<dt>Manager details</dt>'; echo '<dd>',$row["managerdetails"],'</dd>';}?>
        <?php if ($row["managerdetails"]<>"") {echo '<dt>Booking agent</dt>'; echo '<dd>',$row["bookingagentdetails"],'</dd>';}?>
      </dl>
    </div>
  </td>
</tr>
<tr>
  <?php if ($row["myspace"]<>"") {echo '<td width="250">','MySpace: <a href="'; echo $row["myspace"]; echo'">',$row["myspace"],'</a></td>';}?>
  <?php if ($row["website"]<>"") {echo '<td width="250">','Website: <a href="'; echo $row["website"]; echo'">',$row["website"],'</a></td>';}?>
</tr>
</tbody>
<?php
} //END WHILE
mysql_free_result($result);
mysql_close($link);
?>
</table>
</body>
```

hempknight Posted May 20, 2007

oops! forgot to mention..i've already messed around with htmlspecialchars() and addslashes() and their variants.. can anyone think of anything else??

quickstopman Posted May 20, 2007

you wanna edit your first post right now man!!!!!!!!!!!!!!!!!!!!! you have your database info in it!!!!!!! :-[ :-[

john010117 Posted May 20, 2007

Use mysql_real_escape_string() on your strings.

hempknight Posted May 20, 2007

where do i put that in?? i'm a noob to PHP.. i understand the logic but nothing else..

john010117 Posted May 20, 2007

On the second script that you've posted...

```php
<body bgcolor="#000000" text="#FFFFFF">
<table width="500" border="1" bordercolor="#FFFFFF">
<?php
$link = mysql_connect("localhost", "****", "****");
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("mitact_mitact");
if (!$db_selected) {
    die ('Can\'t use foo : ' . mysql_error());
}
$genre = null;
$result = mysql_query("SELECT * FROM `Bands_Genre`");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
while ($row = mysql_fetch_array($result)) {
    $genre[$row["gid"]] = $row["name"];
}
mysql_free_result($result);
$band_name = urldecode($_GET['band']);
$band_name_escaped = mysql_real_escape_string($band_name);
$result = mysql_query("SELECT * FROM `Bands_Confirmed` WHERE `bandname` = '$band_name_escaped'");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
addslashes($result);
while ($row = mysql_fetch_array($result)) {//while fetch BEGINS
?>
<tbody>
<tr>
  <td colspan="2">
    <h2><?php echo $row["bandname"];?></h2>
  </td>
</tr>
<tr>
  <td colspan="2">
    <ul>
      <li>Genre 1: <?php echo $genre[$row["genre1"]];?></li>
      <?php if ($genre[$row["genre2"]]<>"") {echo'<li>Genre 2:',$genre[$row["genre2"]],'</li>';}?>
      <?php if ($genre[$row["genre3"]]<>"") {echo '<li>Genre 3:',$genre[$row["genre3"]],'</li>';}?>
      <li>Original music, Covers or Both: <?php echo $row["type"];?></li>
    </ul>
  </td>
</tr>
<tr>
  <td colspan="2">
    <div>
      <dl>
        <dt><?php echo $row["contact1"];?></dt>
        <?php if ($row["contact1number"]<>"") {echo '<dd>',$row["contact1number"],'</dd>';}?>
        <dd><?php echo $row["email1"];?></dd>
        <dt><?php echo $row["contact2"];?></dt>
        <dd><?php echo $row["contact2number"];?></dd>
        <dd><?php echo $row["email2"];?></dd>
        <?php if ($row["managerdetails"]<>"") {echo '<dt>Manager details</dt>'; echo '<dd>',$row["managerdetails"],'</dd>';}?>
        <?php if ($row["managerdetails"]<>"") {echo '<dt>Booking agent</dt>'; echo '<dd>',$row["bookingagentdetails"],'</dd>';}?>
      </dl>
    </div>
  </td>
</tr>
<tr>
  <?php if ($row["myspace"]<>"") {echo '<td width="250">','MySpace: <a href="'; echo $row["myspace"]; echo'">',$row["myspace"],'</a></td>';}?>
  <?php if ($row["website"]<>"") {echo '<td width="250">','Website: <a href="'; echo $row["website"]; echo'">',$row["website"],'</a></td>';}?>
</tr>
</tbody>
<?php
} //END WHILE
mysql_free_result($result);
mysql_close($link);
?>
```

hempknight Posted May 20, 2007

i can't find the edit post button..god i suck ~_~

hempknight Posted May 20, 2007

i'm getting errors on line 25.. i got the code you posted john..and i overwrote my copy of bands.php..but it dies ~_~

hempknight Posted May 20, 2007

look can someone plz just fix the code and put it up for me to copy and paste.. i've lost far too many hours on this..and i really can't afford delays.. PLEASE!! FOR THE LOVE OF GOD!

kenrbnsn Posted May 20, 2007

Change this

```php
<?php
$result = mysql_query("SELECT * FROM `Bands_Confirmed` WHERE `bandname` = '$band_name_escaped'");
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
addslashes($result);
?>
```

to

```php
<?php
$query = "SELECT * FROM `Bands_Confirmed` WHERE `bandname` = '$band_name_escaped'";
$result = mysql_query($query) or die('Invalid query: <pre>' . $query . '</pre><br> ' . mysql_error());
?>
```

Ken

hempknight Posted May 20, 2007

it's okay..thanks guys for your tips etc.. i just had to move on so i changed the dataset...

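An added example, not code from any of the posts above, showing the two places a name like D'Opus & Roshambo has to be encoded: the link on the list page and the lookup on the detail page. It assumes PDO with the pdo_sqlite driver; `band_link()` and `find_band()` are hypothetical names, and the single table row is constructed.

```php
<?php
// Added example; band_link() and find_band() are hypothetical names.
// PDO is used because the mysql_* functions were removed in PHP 7.0.

// List page. In <a href='band.php?band=D'Opus & Roshambo'> the apostrophe
// closes the attribute after "D", so band.php receives only "D".
// Encode for the URL first, then for the HTML attribute and link text.
function band_link(string $name): string
{
    $href = 'band.php?band=' . rawurlencode($name); // ' -> %27, & -> %26
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Detail page. PHP has already URL-decoded $_GET, so no urldecode() here.
// The name is bound as a parameter, never concatenated into the SQL text.
function find_band(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT * FROM Bands_Confirmed WHERE bandname = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the real database: in-memory SQLite, one row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Bands_Confirmed (bandname TEXT, type TEXT)');
$db->prepare('INSERT INTO Bands_Confirmed VALUES (?, ?)')
    ->execute(["D'Opus & Roshambo", 'Original']);

$name = "D'Opus & Roshambo";
echo band_link($name), "\n";

// Simulate the browser following the link and PHP filling $_GET.
$query = parse_url('band.php?band=' . rawurlencode($name), PHP_URL_QUERY);
parse_str($query, $get);
$row = find_band($db, $get['band']);
echo $row === null
    ? 'not found'
    : htmlspecialchars($row['bandname'], ENT_QUOTES, 'UTF-8'), "\n";
```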