Pete Winter
asked on
url parameter error
I have a page that the content is based on a URL parameter. See code below:
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
$colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']) ;
}
mysql_select_db($database_ conn_tech8 , $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname _rs_spares , "text"));
$rs_spares = mysql_query($query_rs_spar es, $conn_tech8) or die(mysql_error());
$row_rs_spares = mysql_fetch_assoc($rs_spar es);
$totalRows_rs_spares = mysql_num_rows($rs_spares) ;
but if the URL parameter is incorrect I get this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
How do I make the page redirect to an error page if the URL parameter is incorrect?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
$colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare'])
}
mysql_select_db($database_
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname
$rs_spares = mysql_query($query_rs_spar
$row_rs_spares = mysql_fetch_assoc($rs_spar
$totalRows_rs_spares = mysql_num_rows($rs_spares)
but if the URL parameter is incorrect I get this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
How do I make the page redirect to an error page if the URL parameter is incorrect?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bportlock - Thanks. I suppose I need to check if the url parameter value is in the "link_name" column of my spares table. How can I do this?
Run the query. SELECT queries either return FALSE or a result set so code it like this
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname _rs_spares , "text"));
$rs_spares = mysql_query($query_rs_spar es, $conn_tech8) ;
if ( ! $rs_spares ) {
echo "Sorry - the part you want is not available";
}
else {
$row_rs_spares = mysql_fetch_assoc($rs_spar es);
$totalRows_rs_spares = mysql_num_rows($rs_spares) ;
....etc
}
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname
$rs_spares = mysql_query($query_rs_spar
if ( ! $rs_spares ) {
echo "Sorry - the part you want is not available";
}
else {
$row_rs_spares = mysql_fetch_assoc($rs_spar
$totalRows_rs_spares = mysql_num_rows($rs_spares)
....etc
}
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, but still not working for me. Can you please check my code:
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
$colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']) ;
}
mysql_select_db($database_ conn_tech8 , $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname _rs_spares , "text"));
$rs_spares = mysql_query($query_rs_spar es, $conn_tech8) or die(mysql_error());
if ( ! $rs_spares ) {
header("Location: http://mydomain.com/errorPage.php");
exit;
}
else
if ( mysql_num_rows($rs_spares) == 0 ) {
header("Location: http://mydomain.com/errorPage.php");
exit;
}
else{
$row_rs_spares = mysql_fetch_assoc($rs_spar es);
$totalRows_rs_spares = mysql_num_rows($rs_spares) ;
}
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
$colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare'])
}
mysql_select_db($database_
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname
$rs_spares = mysql_query($query_rs_spar
if ( ! $rs_spares ) {
header("Location: http://mydomain.com/errorPage.php");
exit;
}
else
if ( mysql_num_rows($rs_spares)
header("Location: http://mydomain.com/errorPage.php");
exit;
}
else{
$row_rs_spares = mysql_fetch_assoc($rs_spar
$totalRows_rs_spares = mysql_num_rows($rs_spares)
}
What is the error? I don't know what I'm looking for otherwise.
ASKER
Sorry. See code attached. I always redirects to the first error page even if the url value is in the "link_name" column of my spares table. Why is this?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
$colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;
if ( ! $rs_spares ) {
header("Location: http://mydomain.com/errorPage1.php");
exit;
}
else
if ( mysql_num_rows($rs_spares) == 0 ) {
header("Location: http://mydomain.com/errorPage2.php");
exit;
} else {
$row_rs_spares = mysql_fetch_assoc($rs_spares);
$totalRows_rs_spares = mysql_num_rows($rs_spares);
}
ASKER
Thanks. My issue has been solved.
Glad you're sorted.
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname
should be this
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname