?
Solved

url parameter error

Posted on 2011-03-25
10
Medium Priority
?
252 Views
Last Modified: 2012-05-11
I have a page that the content is based on a URL parameter. See code below:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}
mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());
$row_rs_spares = mysql_fetch_assoc($rs_spares);
$totalRows_rs_spares = mysql_num_rows($rs_spares);

but if the URL parameter is incorrect I get this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

How do I make the page redirect to an error page if the URL parameter is incorrect?

0
Comment
Question by:petewinter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35215776
I suspect that this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));

should be this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 1500 total points
ID: 35215818
"How do I make the page redirect to an error page if the URL parameter is incorrect?"

Check that the value is correct before running the query

if ( value is correct ) {
    .... run query
}
else {

     header("Location: http://mydomain.com/errorPage.php", true, 404 );
     exit;
}

Don't leave the exit out. People seem to think it is not needed. If you can do without throwing a 404 then use

...
else {

     header("Location: http://mydomain.com/errorPage.php");
     exit;
}
0
 

Author Comment

by:petewinter
ID: 35215873
bportlock - Thanks. I suppose I need to check if the url parameter value is in the "link_name" column of my spares table. How can I do this?
0
Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216171
Run the query. SELECT queries either return FALSE or a result set so code it like this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";
}
else {
    $row_rs_spares = mysql_fetch_assoc($rs_spares);
    $totalRows_rs_spares = mysql_num_rows($rs_spares);

    ....etc
}
0
 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 1500 total points
ID: 35216196
Ignore the last post


$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";   // Query failure
}
else
    if ( mysql_num_rows($rs_spares) == 0 {
         echo "Sorry - the part you want is not available";   // No matching row
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
        $totalRows_rs_spares = mysql_num_rows($rs_spares);

        ....etc
}
0
 

Author Comment

by:petewinter
ID: 35216529
Thanks, but still not working for me. Can you please check my code:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage.php");
     exit;
}
else
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage.php");
     exit;
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
            $totalRows_rs_spares = mysql_num_rows($rs_spares);
}
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216624
What is the error? I don't know what I'm looking for otherwise.
0
 

Author Comment

by:petewinter
ID: 35217433
Sorry. See code attached. I always redirects to the first error page even if the url value is in the "link_name" column of my spares table. Why is this?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage1.php");
     exit;
}
else 
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage2.php");
     exit;
} else {
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
		$totalRows_rs_spares = mysql_num_rows($rs_spares);
}

Open in new window

0
 

Author Closing Comment

by:petewinter
ID: 35226910
Thanks. My issue has been solved.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35230467
Glad you're sorted.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question