Solved

url parameter error

Posted on 2011-03-25
10
245 Views
Last Modified: 2012-05-11
I have a page that the content is based on a URL parameter. See code below:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}
mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());
$row_rs_spares = mysql_fetch_assoc($rs_spares);
$totalRows_rs_spares = mysql_num_rows($rs_spares);

but if the URL parameter is incorrect I get this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

How do I make the page redirect to an error page if the URL parameter is incorrect?

0
Comment
Question by:petewinter
  • 6
  • 4
10 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35215776
I suspect that this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = %s", GetSQLValueString($colname_rs_spares, "text"));

should be this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35215818
"How do I make the page redirect to an error page if the URL parameter is incorrect?"

Check that the value is correct before running the query

if ( value is correct ) {
    .... run query
}
else {

     header("Location: http://mydomain.com/errorPage.php", true, 404 );
     exit;
}

Don't leave the exit out. People seem to think it is not needed. If you can do without throwing a 404 then use

...
else {

     header("Location: http://mydomain.com/errorPage.php");
     exit;
}
0
 

Author Comment

by:petewinter
ID: 35215873
bportlock - Thanks. I suppose I need to check if the url parameter value is in the "link_name" column of my spares table. How can I do this?
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216171
Run the query. SELECT queries either return FALSE or a result set so code it like this

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";
}
else {
    $row_rs_spares = mysql_fetch_assoc($rs_spares);
    $totalRows_rs_spares = mysql_num_rows($rs_spares);

    ....etc
}
0
 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 500 total points
ID: 35216196
Ignore the last post


$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    echo "Sorry - the part you want is not available";   // Query failure
}
else
    if ( mysql_num_rows($rs_spares) == 0 {
         echo "Sorry - the part you want is not available";   // No matching row
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
        $totalRows_rs_spares = mysql_num_rows($rs_spares);

        ....etc
}
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:petewinter
ID: 35216529
Thanks, but still not working for me. Can you please check my code:

$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

mysql_select_db($database_conn_tech8, $conn_tech8);
$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));
$rs_spares = mysql_query($query_rs_spares, $conn_tech8) or die(mysql_error());

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage.php");
     exit;
}
else
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage.php");
     exit;
    }
    else{
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
            $totalRows_rs_spares = mysql_num_rows($rs_spares);
}
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216624
What is the error? I don't know what I'm looking for otherwise.
0
 

Author Comment

by:petewinter
ID: 35217433
Sorry. See code attached. I always redirects to the first error page even if the url value is in the "link_name" column of my spares table. Why is this?
$colname_rs_spares = "-1";
if (isset($_GET['spare'])) {
  $colname_rs_spares = (get_magic_quotes_gpc()) ? $_GET['spare'] : addslashes($_GET['spare']);
}

$query_rs_spares = sprintf("SELECT * FROM spares WHERE link_name = '%s' ", GetSQLValueString($colname_rs_spares, "text"));

$rs_spares = mysql_query($query_rs_spares, $conn_tech8) ;

if ( ! $rs_spares ) {
    header("Location: http://mydomain.com/errorPage1.php");
     exit;
}
else 
    if ( mysql_num_rows($rs_spares) == 0 ) {
         header("Location: http://mydomain.com/errorPage2.php");
     exit;
} else {
        $row_rs_spares = mysql_fetch_assoc($rs_spares);
		$totalRows_rs_spares = mysql_num_rows($rs_spares);
}

Open in new window

0
 

Author Closing Comment

by:petewinter
ID: 35226910
Thanks. My issue has been solved.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35230467
Glad you're sorted.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

SQL Command Tool comes with APEX under SQL Workshop. It helps us to make changes on the database directly using a graphical user interface. This helps us writing any SQL/ PLSQL queries and execute it on the database and we can create any database ob…
Read about achieving the basic levels of HRIS security in the workplace.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now