Solved

url parameter error

Posted on 2011-03-25
10
246 Views
Last Modified: 2012-05-11
I have a page that the content is based on a URL parameter. See code below:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}
mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());
$row_rs_spares = mysql_fetch_assoc($rs_spares);
$totalRows_rs_spares = mysql_num_rows($rs_spares);

but if the URL parameter is incorrect I get this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

How do I make the page redirect to an error page if the URL parameter is incorrect?

0
Comment
Question by:petewinter
  • 6
  • 4
10 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35215776
I suspect that this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));

should be this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35215818
"How do I make the page redirect to an error page if the URL parameter is incorrect?"

Check that the value is correct before running the query

if ( value is correct ) {
    .... run query
}
else {

     header("Location: http://mydomain.com/errorPage.php", true, 404 );
     exit;
}

Don't leave the exit out. People seem to think it is not needed. If you can do without throwing a 404 then use

...
else {

     header("Location: http://mydomain.com/errorPage.php");
     exit;
}
0
 

Author Comment

by:petewinter
ID: 35215873
bportlock - Thanks. I suppose I need to check if the url parameter value is in the "link_name" column of my spares table. How can I do this?
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216171
Run the query. SELECT queries either return FALSE or a result set so code it like this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";
}
else {
    $row_rs_spares = mysql_fetch_assoc($rs_spares);
    $totalRows_rs_spares = mysql_num_rows($rs_spares);

    ....etc
}
0
 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 500 total points
ID: 35216196
Ignore the last post


$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";   // Query failure
}
else
    if ( mysql_num_rows($rs_spares) == 0 {
         echo "Sorry - the part you want is not available";   // No matching row
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
        $totalRows_rs_spares = mysql_num_rows($rs_spares);

        ....etc
}
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:petewinter
ID: 35216529
Thanks, but still not working for me. Can you please check my code:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage.php");
     exit;
}
else
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage.php");
     exit;
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
            $totalRows_rs_spares = mysql_num_rows($rs_spares);
}
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216624
What is the error? I don't know what I'm looking for otherwise.
0
 

Author Comment

by:petewinter
ID: 35217433
Sorry. See code attached. I always redirects to the first error page even if the url value is in the "link_name" column of my spares table. Why is this?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage1.php");
     exit;
}
else 
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage2.php");
     exit;
} else {
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
		$totalRows_rs_spares = mysql_num_rows($rs_spares);
}

Open in new window

0
 

Author Closing Comment

by:petewinter
ID: 35226910
Thanks. My issue has been solved.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35230467
Glad you're sorted.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Entering a date in Microsoft Access can be tricky. A typo can cause month and day to be shuffled, entering the day only causes an error, as does entering, say, day 31 in June. This article shows how an inputmask supported by code can help the user a…
Creating and Managing Databases with phpMyAdmin in cPanel.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now