Solved

url parameter error

Posted on 2011-03-25
10
251 Views
Last Modified: 2012-05-11
I have a page that the content is based on a URL parameter. See code below:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}
mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());
$row_rs_spares = mysql_fetch_assoc($rs_spares);
$totalRows_rs_spares = mysql_num_rows($rs_spares);

but if the URL parameter is incorrect I get this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

How do I make the page redirect to an error page if the URL parameter is incorrect?

0
Comment
Question by:petewinter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35215776
I suspect that this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));

should be this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35215818
"How do I make the page redirect to an error page if the URL parameter is incorrect?"

Check that the value is correct before running the query

if ( value is correct ) {
    .... run query
}
else {

     header("Location: http://mydomain.com/errorPage.php", true, 404 );
     exit;
}

Don't leave the exit out. People seem to think it is not needed. If you can do without throwing a 404 then use

...
else {

     header("Location: http://mydomain.com/errorPage.php");
     exit;
}
0
 

Author Comment

by:petewinter
ID: 35215873
bportlock - Thanks. I suppose I need to check if the url parameter value is in the "link_name" column of my spares table. How can I do this?
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216171
Run the query. SELECT queries either return FALSE or a result set so code it like this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";
}
else {
    $row_rs_spares = mysql_fetch_assoc($rs_spares);
    $totalRows_rs_spares = mysql_num_rows($rs_spares);

    ....etc
}
0
 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 500 total points
ID: 35216196
Ignore the last post


$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";   // Query failure
}
else
    if ( mysql_num_rows($rs_spares) == 0 {
         echo "Sorry - the part you want is not available";   // No matching row
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
        $totalRows_rs_spares = mysql_num_rows($rs_spares);

        ....etc
}
0
 

Author Comment

by:petewinter
ID: 35216529
Thanks, but still not working for me. Can you please check my code:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage.php");
     exit;
}
else
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage.php");
     exit;
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
            $totalRows_rs_spares = mysql_num_rows($rs_spares);
}
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216624
What is the error? I don't know what I'm looking for otherwise.
0
 

Author Comment

by:petewinter
ID: 35217433
Sorry. See code attached. I always redirects to the first error page even if the url value is in the "link_name" column of my spares table. Why is this?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage1.php");
     exit;
}
else 
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage2.php");
     exit;
} else {
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
		$totalRows_rs_spares = mysql_num_rows($rs_spares);
}

Open in new window

0
 

Author Closing Comment

by:petewinter
ID: 35226910
Thanks. My issue has been solved.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35230467
Glad you're sorted.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
Recently I was talking with Tim Sharp, one of my colleagues from our Technical Account Manager team about MongoDB’s scalability. While doing some quick training with some of the Percona team, Tim brought something to my attention...
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question