SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Wizard rctneil's Avatar
    Join Date
    Jun 2005
    Posts
    1,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Spot the problem

    ARGH!!!
    Was just looking around my new site when i accessed one page and there were errors all over it. It was a page that was working and i have not changed it since making hat page and it was working fine before. Below is the code for the page, can anyone read through it and spot if something is missing and find out what has gone wrong?

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

    PHP Code:
    <html>
    <head>
    <?php
            
    include "db.php";

    //getting dltypeid from previous page
    if (isset($_GET['dltypeid'])) { 
    $dltypeid=$_GET['dltypeid']; 
            
    // do query
    $result mysql_query("SELECT atm_downloads.dlname, atm_downloads.link, atm_downloads.description, atm_downloads.dltypeid, atm_dltype.id, atm_dltype.pagedesc, atm_dltype.headingname, atm_dltype.type FROM atm_downloads, atm_dltype WHERE atm_downloads.dltypeid = '$dltypeid' AND atm_dltype.id = atm_downloads.dltypeid") or die('Error, query failed');

    }

    $row mysql_fetch_array($result)



    ?> 
    <link rel="shortcut icon" href="http://www.atmania.com/atm.ico">
        <title>::Alton Towers Mania:: - <?php echo $row['type']; ?></title>
        <link rel=stylesheet type="text/css" href="style.css">
    </head>

    <body background="img/background.jpg" bottommargin="0" leftmargin="0" marginheight="0" marginwidth="0" rightmargin="0" topmargin="0">

    <center><table width="765" height="100%" cellpadding="0" cellspacing="0" border="0" background="img/mainbackground.jpg"><tr valign="top"><td><table width="764" height="42" border="0" cellpadding="0" cellspacing="0" background="img/left1bg.jpg">
        <tr valign="top">
          <td width="113" background="img/toplogobg.jpg"><img src="img/blanklogo_topoflogo.jpg" width="248" height="97"></td>
          <td width="651" background="img/toplogobg.jpg"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
            <tr>
              <td><div align="center"><?php
    include "header.php";
    ?></div></td>
            </tr>
          </table></td>
        </tr>
        <tr valign="top">
    <td colspan="2" background="img/left1bg.jpg"><img src="img/left1_bottomoflogo2.jpg" width="169" height="42"></td>
    </tr>
    </table>

    <table width="764" height="506" border="0" cellpadding="0" cellspacing="0">
        <tr valign="top">

          <td width="150" height="324"><table width="100%" border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td><?php
    include "nav.php";
    ?></td>
            </tr>
          </table>
            <!-- menu below, copy and paste the menudivider.jpg code as necessary -->
              <!-- the &nbsp; is code for a one letter space -->
            <!-- end menu --></td>
          <td width="9">&nbsp;</td>
    <td width="596"><BR>
    <BR>
    <p align="justify"><?php echo $row['pagedesc']; ?></p>

    <!--PHP CODE TO ADD DOWNLOADS DYNAMICALLY-->


          </div>   

    <table width="90%" border="1" align="center" cellpadding="0" cellspacing="0">

    <tr> 
        <td style="vertical-align:middle" width="28%"><div align="center"><strong><?php echo $row['headingname']; ?></strong></div></td> 
        <td style="vertical-align:middle" width="50%"><div align="center"><strong>Description</strong></div></td> 
        <td style="vertical-align:middle" width="22%"><div align="center"><strong>Download</strong></div></td> 
        </tr>

    <?php

    //$downloadid=$row['id']; 

    // go through the database and while there are different downloads add them to the list dynamically
    $row=mysql_data_seek($result,0);
    while (
    $row mysql_fetch_array($result)) { 

    echo 
    '<tr><td style="vertical-align:middle"><div align="center">'$row['dlname'] .'</div></td>';
    echo 
    '<td style="vertical-align:middle"><div align="center">'$row['description'] .'</div></td>';
    echo 
    '<td style="vertical-align:middle"><div align="center"><a href="'$row['link'] .'"><img src="img/downloadbutton.gif" border="0"></a></div></td></tr>';

    }

    ?>

    </table>

    <!--END PHP CODE TO ADD DOWNLOADS DYNAMICALY-->

    <p align="justify">&nbsp;</p>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td><div align="center">
          <?php
    include "footer.php";
    ?>
        </div></td>
      </tr>
    </table>
    </td>
    <td width="8">&nbsp;</td>
        </tr>
    </table>
    </td></tr></table></center>
    </body>
    </html>
    Thanks

    Neil

  2. #2
    SitePoint Addict
    Join Date
    Sep 2004
    Location
    Kelowna, BC
    Posts
    202
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what's the error message?

  3. #3
    SitePoint Wizard rctneil's Avatar
    Join Date
    Jun 2005
    Posts
    1,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  4. #4
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Looks like the $row is being set with empty values.

    I'd try echoing out the query to make sure the variables that are in it contain what you think they should, and then print_r out the row to make sure that contains what you expect it to.

  5. #5
    SitePoint Addict
    Join Date
    Sep 2004
    Location
    Kelowna, BC
    Posts
    202
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes, im wondering that too. you can output the SQL string to see if the value is empty. usually when i get errors, i output the string and copy it into myphpadmin and run it, i find it easier to debug.

    one other thing that's standing out for me is that you're using 'type' for a column name which may/may not cause problems as it's a reserved word. maybe try changing the column name to a word that's not reserved?

    also, you might want to wrap an if statement that checks to see if records exist and if they do display them, and if they don't, let the user know there were no records found.

  6. #6
    SitePoint Wizard rctneil's Avatar
    Join Date
    Jun 2005
    Posts
    1,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm confuse at what you want me to try. That page has been working fine for weeks and then yeserday i looked and it was like that. The page receives a passed variable from the previous page and i know thta it is being received as in the title bar it says "Alton Towers Mania - VIDEOS" The word videos is called from one of the db tables. So it is something after that part of the page?

    Thanks

    Neil

  7. #7
    SitePoint Guru themightystephen's Avatar
    Join Date
    Mar 2005
    Location
    England
    Posts
    608
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In my opinion it looks like you have several different values for $row, which is causing the php parser to get confused. I'm not an expert but you could just have a careful look at $row and see if there are any problems with how the values have been called.

    Have a look and see.
    Get your heelys now at flywalk.co.uk - But what are heelys?
    Heelys are simply shoes with wheels in the heels!

    Flywalk.co.uk - The UK Heelys Retailer

  8. #8
    SitePoint Enthusiast
    Join Date
    Jun 2004
    Location
    dublin, Ireland
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    //getting dltypeid from previous page
    if (isset($_GET['dltypeid'])) {
    $dltypeid=$_GET['dltypeid'];
            
    // do query
    $result mysql_query("SELECT atm_downloads.dlname, atm_downloads.link, atm_downloads.description, atm_downloads.dltypeid, atm_dltype.id, atm_dltype.pagedesc, atm_dltype.headingname, atm_dltype.type FROM atm_downloads, atm_dltype WHERE atm_downloads.dltypeid = '$dltypeid' AND atm_dltype.id = atm_downloads.dltypeid") or die('Error, query failed'); 
    you're not escaping your $_GET values. could someone have put in values that allowed them to alter your database / delete informtion?

  9. #9
    SitePoint Wizard rctneil's Avatar
    Join Date
    Jun 2005
    Posts
    1,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How do you mean by escaping the values?

    Don't think people could change values except for me.

    Thanks

    Neil

  10. #10
    SitePoint Enthusiast
    Join Date
    Jun 2004
    Location
    dublin, Ireland
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you use the $_GET['dltypeid'] variable which is just a value typed into the url.
    I'm not familiar with exactly how it's done but its called 'sql injection'
    if a person puts in an sql command into the url it may get included in your statement and actually executed on your server.

    You should check that values submitted by a user (GET or POST ) are not too long, contain only the data they should or are not 'tainted' in some other dangerous way.
    I don't think this is what's causing your problem but it's generally a bad idea.

    Looking at it in more detail:
    your mysql_fetch_array isn't returning an array

    PHP Code:
    // go through the database and while there are different downloads add them to the list dynamically
    $row=mysql_data_seek($result,0);
    while (
    $row mysql_fetch_array($result)) {

    echo 
    '<tr><td style="vertical-align:middle"><div align="center">'$row['dlname'] .'</div></td>';
    echo 
    '<td style="vertical-align:middle"><div align="center">'$row['description'] .'</div></td>';
    echo 
    '<td style="vertical-align:middle"><div align="center"><a href="'$row['link'] .'"><img src="img/downloadbutton.gif" border="0"></a></div></td></tr>'
    inside your while loop you try to print out data from the database and the error you see is caused by your $row array not having any values.

    l
    Last edited by scoby; Apr 29, 2006 at 06:25. Reason: clearing up MY confusion

  11. #11
    SitePoint Enthusiast
    Join Date
    Jun 2004
    Location
    dublin, Ireland
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    can you use a tool like phpmyadmin to check that there are actually the proper values in your database?

    or use print_r(); to show what's being returned from the database.


    SELECT atm_downloads.dlname, atm_downloads.link, atm_downloads.description, atm_downloads.dltypeid, atm_dltype.id, atm_dltype.pagedesc, atm_dltype.headingname, atm_dltype.type FROM atm_downloads, atm_dltype WHERE
    atm_downloads.dltypeid = '19'
    AND atm_dltype.id = atm_downloads.dltypeid

  12. #12
    SitePoint Wizard rctneil's Avatar
    Join Date
    Jun 2005
    Posts
    1,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When running the query in phpmyadmin, I get the correct results. But still get the errors on the page?

    Please help.

    Thanks

    Neil

  13. #13
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    print_r($row); in your last while() loop.

    this will show you what data your row contains. your problem is, it does not contain what you think it does.

  14. #14
    SitePoint Wizard rctneil's Avatar
    Join Date
    Jun 2005
    Posts
    1,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I did the printr thing - never used that before and it was getting something from another db table. The problem was that in one of my sites include files i had another db php part which got a random tip to show in the navigation bar and that used "$row" and "$result" so i changed in the include file row to line and result to answer and uploaded it and tried it and now the page is back to normal!

    Cheers

    Neil


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •