ReTech Posted January 31, 2014

Could someone please help me? I have been trying to help a friend with his code for a few weeks now and it seems that the first query will not work for the if statement. I changed it ($slot_display) to a function and got it to display on the page, but I am far from being an expert... Is there anything obviously wrong here besides deprecated code lol

```php
<?
include 'db.php';
$genre = $_GET[id];
$result = mysql_query("SELECT `timeslot` FROM `aclient`");
$slot_display = mysql_fetch_row($result);
if($slot_display == 4){
    $resultb = mysql_query("SELECT `aad` FROM `aprog` WHERE `tag`='$genre'");
    $songid = mysql_fetch_array($resultb);
}
$finalq = mysql_query("SELECT * FROM `mtracks` WHERE `id`='$songid'");
$shmedia = mysql_fetch_array($finalq);
?>
```

I know this is a little off topic for this site but I figured I would ask somebody ... and FYI the timeslot does = 4

Razor42 Posted January 31, 2014

Are you sure the GET['id'] is working? Try printing that and see if it does, as the error could lie there. Also look into securing $_POST & $_GET

dnenb Posted January 31, 2014

You should validate what you get from $_GET before using it in a query..!

Alan Posted January 31, 2014

Amazing what people miss

```php
<?php # [1]

include(__DIR__ . '/db.php'); # [2]

$genre = array_key_exists('id', $_GET) && ctype_digit($_GET['id']) # [3]
    ? $_GET['id']
    : 0; # [4]

$sql = "SELECT timeslot FROM aclient"; # [5]
$rs = mysql_query($sql);
if (!is_resource($rs)) { # [6]
    trigger_error("MySQL query failed -- $sql -- " . mysql_error());
    exit;
}
$row = mysql_fetch_row($rs);
mysql_free_result($rs); # [7]
if (!is_array($row) || !count($row)) { # [8]
    trigger_error('Unexpected MySQL response to query -- ' . serialize($row));
    exit;
}
$slot_display = $row[0];

if ($slot_display == 4) {
    $sql = "SELECT `aad` FROM `aprog` WHERE `tag` = $genre"; # [9]
    $rs = mysql_query($sql);
    if (!is_resource($rs)) {
        trigger_error("MySQL query failed -- $sql -- " . mysql_error());
        exit;
    }
    $row = mysql_fetch_row($rs);
    if (!is_array($row) || !count($row)) {
        trigger_error('Unexpected MySQL response to query -- ' . serialize($row));
        exit;
    }
    $songid = $row[0];
} else {
    $songid = 0; # [10]
}

$sql = "SELECT * FROM mtracks WHERE id = $songid";
$rs = mysql_query($sql);
if (!is_resource($rs)) {
    trigger_error("MySQL query failed -- $sql -- " . mysql_error());
    exit;
}
$row = mysql_fetch_row($rs);
mysql_free_result($rs);
if (!is_array($row)) {
    trigger_error('Unexpected MySQL response to query -- ' . serialize($row));
    exit;
}
$shmedia = $row;
```

1. Use full php tags `<?php` not the short-open tags
2. Be explicit where you include files from
3. Check the user has actually passed some data and type check it
4. Provide a default (or throw an error) if missing or bad
5. Define the SQL prior to calling it (makes it easier when debugging)
6. Always check the result of mysql_query
7. Get into the habit of freeing the result (good practice)
8. Check the result of the fetch operation - there may be no rows after all
9. Indent your code - code is meant to be read by humans, it makes our lives easier
10. Ensure variables are declared prior to SQL calls
11. Lose the terminating ?>, there's no need for it
12. Where possible, use PSR1 etc (Google it)
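
Added example, not part of any post in this thread: the same three-table lookup written with PDO prepared statements, so the `id` value is validated and then bound as data instead of being pasted into the SQL string. The in-memory SQLite database, its rows and the `findTrack()` helper are assumptions made for illustration; only the table and column names come from the posts above.

```php
<?php
// Added example: table and column names come from the thread; the in-memory
// SQLite database, its rows and findTrack() are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$pdo->exec("
    CREATE TABLE aclient (timeslot INTEGER);
    CREATE TABLE aprog   (tag TEXT, aad INTEGER);
    CREATE TABLE mtracks (id INTEGER, title TEXT);
    INSERT INTO aclient VALUES (4);
    INSERT INTO aprog   VALUES ('7', 42);
    INSERT INTO mtracks VALUES (42, 'constructed track');
");

function findTrack(PDO $pdo, $rawId): ?array
{
    // Allow-list validation: accept only a string of digits.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return null;
    }
    // fetchColumn() returns the scalar, so the comparison with 4 is not
    // made against a whole row array.
    $slot = $pdo->query('SELECT timeslot FROM aclient')->fetchColumn();
    if ((int) $slot !== 4) {
        return null;
    }
    // Bound parameters travel separately from the SQL text.
    $stmt = $pdo->prepare('SELECT aad FROM aprog WHERE tag = :tag');
    $stmt->execute([':tag' => $rawId]);
    $songId = $stmt->fetchColumn();
    if ($songId === false) {
        return null; // no programme for this tag
    }
    $stmt = $pdo->prepare('SELECT * FROM mtracks WHERE id = :id');
    $stmt->execute([':id' => $songId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a known tag, an unknown tag, a value with a stray quote.
foreach (['7', '8', "7'"] as $input) {
    $track = findTrack($pdo, $input);
    echo var_export($input, true), ' => ', $track ? $track['title'] : 'no track', "\n";
}
```

The validation step rejects the value containing a quote before any query runs, and the bound parameters keep the remaining queries safe even if the validation rule is later loosened.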