SitePoint Sponsor

User Tag List

Results 1 to 20 of 20
  1. #1
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    how to stop errors showing (novice)

    hi just had a thread on something quite similar, and when i added to

    Code:
    http://mysite.com/index.php?link=blar..blar..blar
    it would return to the default, as shown, and no errors would be shown:

    PHP Code:
    $page trim(addslashes($_GET['link'])); 
        if(
    $page == "news"){ 
            include 
    "news.php"
        } 
        elseif(
    $page == "tower"){ 
            include 
    "tower.php"
        } 
        elseif(
    $page == "indexreview"){ 
            include 
    "indexreview.php"
        } 
        else { 
            include 
    "default.php"
        } 
    ?> 
    but no im running a gallery with:

    Code:
    http://mysite.com/viewphoto.php?photo_id=3
    when i

    Code:
    http://mysite.com/viewphoto.php?photo_id=blar...blar..blar...
    it returns an error:

    Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 5 in /home/site/public_html/viewphoto.php on line 31

    line 31:
    PHP Code:
    echo '<img src="images/paddy/'.mysql_result($resource,0,"image").'">'
    so how can i get rid of this error message and if any1 trys to add on to the url, ignore it and return to my main photo page?

    thanks!!

  2. #2
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    any1?

  3. #3
    PHP Brainiac dg_den_golotyuk's Avatar
    Join Date
    Jul 2006
    Location
    Kiev, Ukraine
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    echo '<img src="images/paddy/'.mysql_result($resource,0,"image").'">';
    Instead of that, must add something like this:
    PHP Code:
    <?php

    $img 
    = @mysql_result($resource,0,"image");

    if ( !
    $img )
    {
    header('Location: index.html');
    exit;
    }

    echo 
    '<img src="images/paddy/'.$img.'">'

    ?>
    DG [Den Golotyuk], Lead Developer
    Chestnut Software
    Avoid web outsourcing scams!
    Click here
    for a free downloadable report

  4. #4
    SitePoint Evangelist chiphunt1's Avatar
    Join Date
    Oct 2003
    Location
    louisville, ky
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $photo_id $_GET['photo_id'];
        if(!
    is_numeric($page) || $page == whatever range of values is incorrect){
            
    header('Location: http://www.example.com/');   // redirect to previous page whatever that URL might be
        

    Calm down -- it's only ones and zeroes

  5. #5
    SitePoint Evangelist chiphunt1's Avatar
    Join Date
    Oct 2003
    Location
    louisville, ky
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Post your code before you do the header redirect. You cannot have any HTML output beforehand. Lets see what you have.

    -- you deleted your last response which was cannot modify header information... I guess you got it fixed
    Calm down -- it's only ones and zeroes

  6. #6
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    am not sure were to place all this now.

    this is what i have on my page:

    PHP Code:
    $photo_id $_GET['photo_id']; 
    $update mysql_query("UPDATE photograph SET views = views+1 WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    $resource mysql_query("SELECT image FROM photograph WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    echo 
    '<img src="images/paddy/'.mysql_result($resource,0,"image").'">'
    i tryed dg_den_golotyuk way and it gave an error:

    Code:
    Warning: Cannot modify header information - headers already sent by
    (output started at /home/site/public_html/includes/header.inc.html:4
    in /home/site/public_html/viewphoto.php on line 35
    ??? thanks!!!!!

  7. #7
    SitePoint Evangelist chiphunt1's Avatar
    Join Date
    Oct 2003
    Location
    louisville, ky
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need to check $photo_id = $_GET['photo_id'];

    if($photo_id ....... why even do the query if photo_id isn't correct?

    Check the photo_id and if it isn't correct, then redirect to the previous page.
    Calm down -- it's only ones and zeroes

  8. #8
    PHP Brainiac dg_den_golotyuk's Avatar
    Join Date
    Jul 2006
    Location
    Kiev, Ukraine
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $photo_id = $_GET['photo_id'];
    $update = mysql_query("UPDATE photograph SET views = views+1 WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    $resource = mysql_query("SELECT image FROM photograph WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    echo '<img src="images/paddy/'.mysql_result($resource,0,"image").'">';
    You can simply change it to:
    PHP Code:
    $photo_id = (int)$_GET['photo_id']; 
    $update mysql_query("UPDATE photograph SET views = views+1 WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error()); 
    $resource mysql_query("SELECT image FROM photograph WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error()); 
    echo 
    '<img src="images/paddy/'.mysql_result($resource,0,"image").'">'
    DG [Den Golotyuk], Lead Developer
    Chestnut Software
    Avoid web outsourcing scams!
    Click here
    for a free downloadable report

  9. #9
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    no it is correct, the images are working fine, it's when i add, blar de blar.. to the url

    http://mysite.com/viewphoto.php?photo_id=4
    shows img

    http://mysite.com/viewphoto.php?phot...r...blar..blar...
    shows error, were i want to redirect or just stay on the same page without errors showing , a security fix really so no 1 can run the own files from the url

    if iam making sense here?

    thanks

  10. #10
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks dg_den_golotyuk

    now it says:

    Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 5 in /home/site/public_html/viewphoto.php on line 32

    ??? cheers!

    line 32
    PHP Code:
    echo '<img src="images/paddy/'.mysql_result($resource,0,"image").'">'

  11. #11
    PHP Brainiac dg_den_golotyuk's Avatar
    Join Date
    Jul 2006
    Location
    Kiev, Ukraine
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So try the next code instead of yours:
    PHP Code:
    $photo_id = (int)$_GET['photo_id']; 
    $update mysql_query("UPDATE photograph SET views = views+1 WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error()); 
    $resource mysql_query("SELECT image FROM photograph WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error()); 
    $img = @mysql_result($resource,0,"image");
    if ( 
    $img )
    {
        echo 
    '<img src="images/paddy/'.$img.'">';
    }
    else
    {
        echo 
    'Aaa. Don't hack me!';

    DG [Den Golotyuk], Lead Developer
    Chestnut Software
    Avoid web outsourcing scams!
    Click here
    for a free downloadable report

  12. #12
    SitePoint Evangelist chiphunt1's Avatar
    Join Date
    Oct 2003
    Location
    louisville, ky
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $photo_id $_GET['photo_id'];
     
    if( 
    is_int($photo_id){

      
    $update mysql_query("UPDATE photograph SET views = views+1 WHERE     photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    $resource mysql_query("SELECT image FROM photograph WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    echo 
    '<img src="images/paddy/'.mysql_result($resource,0,"image").'">';

    }else{
         echo 
    $photo_id " is not a correct photo id";


    OR

    PHP Code:
    $photo_id $_GET['photo_id'];
     
    if( !
    is_int($photo_id){

      
    header("Location: http://www.yourpage.com/selectPhoto");  // where you want to redirect  

    }else{
        

    $update mysql_query("UPDATE photograph SET views = views+1 WHERE     photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    $resource mysql_query("SELECT image FROM photograph WHERE photo_id = '".mysql_real_escape_string($photo_id)."'") or die(mysql_error());
    echo 
    '<img src="images/paddy/'.mysql_result($resource,0,"image").'">';



    Calm down -- it's only ones and zeroes

  13. #13
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lol thanks dg_den_golotyuk

    that works

    thanks chiphunt
    but it gives an error:

    Parse error: syntax error, unexpected '{' in /home/site/public_html/viewphoto.php on line 31

    line 31:
    if( !is_int($photo_id){

    so what the diffrence between the 2??

    thanks

  14. #14
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    also i will be having this type of method running with diffrent stuff.

    example: photos, reviews, and so on. so i want a solid way of keeping the hackers away, if u no what i mean.. so will i just repeat the same process ??

    thanks

  15. #15
    PHP Brainiac dg_den_golotyuk's Avatar
    Join Date
    Jul 2006
    Location
    Kiev, Ukraine
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, of course. You are welcome
    DG [Den Golotyuk], Lead Developer
    Chestnut Software
    Avoid web outsourcing scams!
    Click here
    for a free downloadable report

  16. #16
    SitePoint Evangelist chiphunt1's Avatar
    Join Date
    Oct 2003
    Location
    louisville, ky
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess we have different philosophies. I wouldn't even execute the query unless photo_id is valid.

    You just needed a closing parenthesis: if( !is_int($photo_id)){

    The first way keeps you on the same page and the second will redirect you to the previous page.
    Calm down -- it's only ones and zeroes

  17. #17
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes photo_id is a field in my table

    thanks

  18. #18
    PHP Brainiac dg_den_golotyuk's Avatar
    Join Date
    Jul 2006
    Location
    Kiev, Ukraine
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by chiphunt1
    I guess we have different philosophies. I wouldn't even execute the query unless photo_id is valid.

    You just needed a closing parenthesis: if( !is_int($photo_id)){

    The first way keeps you on the same page and the second will redirect you to the previous page.
    If you got (int)$_GET['photo_id'] - you don't need any integer compare statements. The value is translated to an integer automatically. If it is not integer - the it return 0!
    DG [Den Golotyuk], Lead Developer
    Chestnut Software
    Avoid web outsourcing scams!
    Click here
    for a free downloadable report

  19. #19
    PHP Brainiac dg_den_golotyuk's Avatar
    Join Date
    Jul 2006
    Location
    Kiev, Ukraine
    Posts
    335
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by chiphunt1
    I guess we have different philosophies. I wouldn't even execute the query unless photo_id is valid.

    You just needed a closing parenthesis: if( !is_int($photo_id)){

    The first way keeps you on the same page and the second will redirect you to the previous page.

    No philosophy - just shorting the code
    DG [Den Golotyuk], Lead Developer
    Chestnut Software
    Avoid web outsourcing scams!
    Click here
    for a free downloadable report

  20. #20
    SitePoint Evangelist chiphunt1's Avatar
    Join Date
    Oct 2003
    Location
    louisville, ky
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you got (int)$_GET['photo_id'] - you don't need any integer compare statements. The value is translated to an integer automatically. If it is not integer - the it return 0!
    Understood, but why execute the query if($photo_id <= 0) ?


    $photo_id = (int)$_GET['photo_id'];
    if($photo_id > 0){
    $update = mysql_query("UPDATE photograph SET views = views+1 WHERE photo_id = $photo_id") or die(mysql_error());
    $resource = mysql_query("SELECT image FROM photograph WHERE photo_id = $photo_id") or die(mysql_error());
    $img = @mysql_result($resource,0,"image");
    echo '<img src="images/paddy/'.$img.'">';
    else{
    echo $photo_id . " is not a valid photo id ";
    }
    Calm down -- it's only ones and zeroes


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •