• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

url parameter error

I have a page that the content is based on a URL parameter. See code below:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}
mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());
$row_rs_spares = mysql_fetch_assoc($rs_spares);
$totalRows_rs_spares = mysql_num_rows($rs_spares);

but if the URL parameter is incorrect I get this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

How do I make the page redirect to an error page if the URL parameter is incorrect?

0
petewinter
Asked:
petewinter
  • 6
  • 4
2 Solutions
 
Beverley PortlockCommented:
I suspect that this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));

should be this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
0
 
Beverley PortlockCommented:
"How do I make the page redirect to an error page if the URL parameter is incorrect?"

Check that the value is correct before running the query

if ( value is correct ) {
    .... run query
}
else {

     header("Location: http://mydomain.com/errorPage.php", true, 404 );
     exit;
}

Don't leave the exit out. People seem to think it is not needed. If you can do without throwing a 404 then use

...
else {

     header("Location: http://mydomain.com/errorPage.php");
     exit;
}
0
 
petewinterAuthor Commented:
bportlock - Thanks. I suppose I need to check if the url parameter value is in the "link_name" column of my spares table. How can I do this?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Beverley PortlockCommented:
Run the query. SELECT queries either return FALSE or a result set so code it like this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";
}
else {
    $row_rs_spares = mysql_fetch_assoc($rs_spares);
    $totalRows_rs_spares = mysql_num_rows($rs_spares);

    ....etc
}
0
 
Beverley PortlockCommented:
Ignore the last post


$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";   // Query failure
}
else
    if ( mysql_num_rows($rs_spares) == 0 {
         echo "Sorry - the part you want is not available";   // No matching row
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
        $totalRows_rs_spares = mysql_num_rows($rs_spares);

        ....etc
}
0
 
petewinterAuthor Commented:
Thanks, but still not working for me. Can you please check my code:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage.php");
     exit;
}
else
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage.php");
     exit;
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
            $totalRows_rs_spares = mysql_num_rows($rs_spares);
}
0
 
Beverley PortlockCommented:
What is the error? I don't know what I'm looking for otherwise.
0
 
petewinterAuthor Commented:
Sorry. See code attached. I always redirects to the first error page even if the url value is in the "link_name" column of my spares table. Why is this?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage1.php");
     exit;
}
else 
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage2.php");
     exit;
} else {
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
		$totalRows_rs_spares = mysql_num_rows($rs_spares);
}

Open in new window

0
 
petewinterAuthor Commented:
Thanks. My issue has been solved.
0
 
Beverley PortlockCommented:
Glad you're sorted.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now