GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Tech What a wild 3 weeks (and php question).

Publisher Bucks · 08-29-2021, 11:36 AM

Quote:

Originally Posted by sarettah

First, stay safe.

Second, as someone said above, you have an error in your if statement, you are missing a paren.

You have:

// check incoming params exist
if ( ! isset($_GET['id'] ) {
// missing param, go to an error page for example
header('Location: index.php');
exit;
}

That should be:

// check incoming params exist
if ( ! isset($_GET['id'] ) ){
// missing param, go to an error page for example
header('Location: index.php');
exit;
}

Thirdly:

In the recipe.php you do not establish a database connection. In the first program you are establishing a mysqli connection. In the Recipe.php you do not establish any database connection and then you try to use a pdo connection that does not exist.

Instead of mixing between mysqli and pdo, use one. You are using mysqli in the first program, use that again in the second. You use it at the bottom of the second to iterate through the rows.

Put an error_reporting(E_ALL) at the start of the program and it should show you your errors. Once you have everything debugged change that to error_reporting(0) so it won't show the errors.

<?php
error_reporting(E_ALL);

// check incoming params exist
if ( ! isset($_GET['id'] ) ){
// missing param, go to an error page for example
header('Location: index.php');
exit;
}

// open a mysqli connection
$con=mysqli_connect("localhost","recipes","passwor d","recipelist");

// Check connection
if (mysqli_connect_errno())
{
die("Failed to connect to MySQL: " . mysqli_connect_error());
}

$table = "Recipes";
$sql = "SELECT * FROM" . $table . " WHERE id =" . $_GET['id'];

// do the query
$result = mysqli_query($con, $sql);

echo "<table>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Title'] . "</td>";
echo "<td>" . $row['Ingredients'] . "</td>";
echo "<td>" . $row['Method'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>

Something like that should work. I have not checked to see if there are any other syntax issues.

You should also do some validation on $_GET['id']. I used it raw above and that is not really safe. It is fine for right now while you are trying to figure things out but for something open to the net it isn't.

For example is the id field an integer?

Then you would want to do a validation such as making sure it is an int coming in.

$recipeid=0;

if(isset($_GET['id']))
{
$recipeid=intval($_GET['id']);
}

if($recipeid==0)
{
echo "Bad id value coming in or something like that...";
}

.

Damn! Thank you so much for the detailed response

Going to see if I can get this working with those fixes you made and the changes.

Out of interest, is there a specific time/reason I should use mysqli vs PDO in this type of scripting? Also, is there any significant difference in using echo vs print for the output data?

Winds are starting to pick up, no real damage here as yet though (2 miles outside the Quarter) unless you count a couple of upturned garbage cans that weren't secured properly by neighbors.

Power and Internet is still working, there was an advisory an hour or so back not to use dishwashers, washing machines or other appliances that utilize a lot of water due to the sewerage plant system losing power, other than that, nothing major to report here yet.

Have enough food, smokes and liquor to last a week if the power does go out and I just finished a huge pan of baked ziti, so should be somewhat comfortable if utilities do get knocked out at this point.

Again, thank you so much for your detailed reply, going to play around with this now.

#Quick Editing#

Yes, RecipeID goes from 001 through 3600 at the present time so will look into validation of that to protect from SQL injection once I have this working how I want before setting the whole thing live.

I honestly didn't think this pet project would take so long to get up and running, but I'm glad its finally in the process of being built haha