SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Evangelist
    Join Date
    Dec 2000
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Angry Why is my script not working?

    Hi all,

    Does anybody know why the following script is not working? You can see what I mean at: http://www.justforwebmasters.com/new...bar.php/Create
    PHP Code:
    <?php // navbar.php

    // Allow the web address to have slashes instead of question amrks
    $url_array explode("/",$PATH_INFO);
    $bigcat $url_array[1];
    ?>
         <table width="100%" cellspacing="0" cellpadding="1" border="0">
    <?php
    include("/home/corby/phplib/pass.inc");
    mysql_select_db(justforwebmasters_com$cnx);

    $cats mysql_query("SELECT * FROM Cats WHERE BigCat='$bigcat' ORDER BY Title ASC");
    if (!
    $cats) {
      echo(
    "<P>Error retrieving categories from database:<br>".
           
    "Error: " mysql_error());
      exit();
    }

    while (
    $cat mysql_fetch_array($cats)) {
      
    $CateID   $cat["ID"];
      
    $CateTitle $cat["Title"];
      
    $CateDesc  $cat["Description"];

      
    $CateTitle  stripslashes($CatTitle);
      
    $CateDesc   stripslashes($CatDesc);

    ?>
    <tr>
             <td background="http://justforwebmasters.com/new/images/blueback.gif" align="center"><a href="/cats/<?php echo($CateID); ?>" class="NavHead"><b><?php echo($CateTitle); ?></b></a></td>
         </tr>
         <tr>
             <td background="http://justforwebmasters.com/new/images/greenback.gif"><font class="NavDesc"><?php echo($CateDesc); ?></font></td>
         </tr>
    <?php

    }

    ?>
         </table>
    The $CateID variable is coming out fine, but the other variables aren't there when the page is displayed.

    Any help is greatly appreciated,
    Corbb O'Connor
    Looking for quality website design or database programming?
    Contact me for more information and a FREE quote!

  2. #2
    Probably eating pie mitsubishi's Avatar
    Join Date
    Sep 2001
    Location
    England, UK
    Posts
    405
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah your stripping slashes off variable that dont exist.
    $CateTitle = stripslashes($CatTitle);
    You have missed the 'e' off Cat(e) in both cases.

  3. #3
    SitePoint Evangelist
    Join Date
    Dec 2000
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    mitsubishi:

    Thanks for your help. It works when it's called directly (http://www.justforwebmasters.com/new...bar.php/Create), but does not work when called in a different script.

    I have uploaded the script here.

    Your continued help is appreciated,
    Corbb O'Connor
    Looking for quality website design or database programming?
    Contact me for more information and a FREE quote!

  4. #4
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by mitsubishi
    Yeah your stripping slashes off variable that dont exist.
    he shouldn't be using stripslashes() at all. period. there's no reason to if you get your data in correctly in the first place.
    - Matt ** Ignore old signature for now... **
    Dr.BB - Highly optimized to be 2-3x faster than the "Big 3."
    "Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR

  5. #5
    SitePoint Evangelist
    Join Date
    Dec 2000
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Matt:

    Wouldn't the following produce an error if addslashes() and stripslashes() were not used?[PHP]<?php

    $sql = mysql_query("INSERT INTO Table SET Firstname='Corbb', Lastname='O'Connor'");

    ?>And also, do you know why my script isn't working?
    Corbb O'Connor
    Looking for quality website design or database programming?
    Contact me for more information and a FREE quote!

  6. #6
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    maybe, maybe not. if you're using a variable in your query and magic_quotes_gpc is on (it should be off IMO), it should be fine. if magic_quotes_gpc is off (preferred), then use addslashes() on it before using it in the query, and it'll be fine.

    but, i wasn't talking about addslashes(), i was talking about stripslashes(). there's should be no reason to use stripslashes() when SELECTing data. in your example, after something has added slashes (magic_quotes_gpc *OR* addslashes()), the query would be this:

    mysql_query("INSERT INTO Table SET Firstname='Corbb', Lastname='O\\'Connor'");

    correct? what will be the value of Lastname in MySQL after the query?

    O'Connor

    so, why, when SELECTing the data, would you use stripslashes() on that? it's exactly the way you want it, so there's no need.

    where you run into problems is if magic_quotes_gpc is on *AND* you use addslashes(). that's a no no. then your query would become

    mysql_query("INSERT INTO Table SET Firstname='Corbb', Lastname='O\\\\'Connor'");

    then what would the value of Lastname be in MySQL?

    O\\'Connor

    then stripslashes() is "necessary," but only because YOU screwed it up by adding slashes to the data twice. so figure out how to get it in correctly and the first place and do not use stripslashes() when SELECTing. that can be done by:

    1) use addslashes() on the data if magic_quotes_gpc is off (preferrred) or
    2) don't do anything if magic_quotes_gpc is on.


    i didn't look at your script much, but i didn't see anything else wrong besides what mitsubishi mentioned.
    Last edited by DR_LaRRY_PEpPeR; Feb 2, 2002 at 16:41.

  7. #7
    SitePoint Evangelist
    Join Date
    Dec 2000
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay...thanks for your help anyways.
    Corbb O'Connor
    Looking for quality website design or database programming?
    Contact me for more information and a FREE quote!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •