
Re: Internal Server Error problem

Thanks, Walter

The input to the server from the web page is not a form but a query on a text link, your output says it is an array, and there is nothing extra getting in the way of it.

?item=Couplings&inthere=&line=Hydraulic%20Compression%20Fittings

All the input to the MySQL server is from the webpage menu, there is no user input as all the links are “hardwired” to the links.

I’ll update the GET statement with the security input and see if that has any effect.

I’ll have to do that later as it’s now food time here in the UK.

Cheers,

Steve.

On 20 Nov 2013, at 16:29, Walter Lee Davis wrote:

Can you point your form at http://scripty.walterdavisstudio.com/reflector.php, and see what the raw parameters being posted are? Your SQL seems fine, I don’t see anything out of place there.

I would caution you that you must escape any user input before you concatenate it into a SQL query as you are doing. At the very minimum, $item = mysql_real_escape_string(trim($_GET['input'])) or something like that. (http://php.net/manual/en/function.mysql-real-escape-string.php) Note that this is deprecated. Personally, I have switched to using PDO and bound variables in my (very limited) PHP work.

Walter

On Nov 20, 2013, at 8:13 AM, SteveB wrote:

Hi,

I have recently come across this error when I click on a menu link to select a range of items (products) from the database.

To see this on the link, on the lefthand side under the Hydraulic Range heading, select HYDRAULIC COMPRESSION FITTINGS, CLAMPS & TUBE menu and the first item “Couplings”. This selects all the couplings in this range by looking for the word “Couplings” under the column heading ‘prodsection’

Here is the MySQL query: The $item is the search term from the menu, along with $line which is the product line.

"SELECT ceswebproducts.*, ceswebprices.listprice , ceswebprices.webprice, ceswebprices.yousave FROM ceswebproducts, ceswebprices
WHERE `ceswebproducts`.`prodsection` LIKE '%$item%'
AND `ceswebproducts`.`prodtitle` LIKE '%$inthere%'
AND `ceswebproducts`.`prodline` = '$line'
AND `ceswebproducts`.`partnumber` = `ceswebprices`.`partnumber`";

This query is working on the current version of the site (the same url without the /2013-revised/test/), but now that I have created an updated version of the site (not yet live) using the same configuration of menu and database (although the product codes have changed, the basic menu structure is the same), the query brings up this error.

I have run the same query on the server with phpadmin and it works fine.

It is the same on both the Freeway 5.65 version and the Freeway 6.12, which makes me think that it is something that is not quite right with the processing of the query from the HTML page.

I have found adding a space to the word Couplings on the database makes this work, but doesn’t help with other queries.

Can anyone shed some light on this? It’s causing me some grief!

Thanks,

Steve

http://www.cotswoldengineeringsupplies.co.uk/2013-revised/test/


dynamo mailing list email@hidden Update your subscriptions at:http://freewaytalk.net/person/options



Design Artwork Illustrations & Websites Steve Ballinger SBDesign email@hidden
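
The PDO-with-bound-variables approach Walter mentions, applied to the query quoted in this thread, as an added example that is not code from either poster. The helper names `like_contains()` and `find_products()` are hypothetical, the sample rows are constructed, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the MySQL server so the script runs offline.

```php
<?php
declare(strict_types=1);

// Bound parameters stop SQL injection but do not neutralise the LIKE
// wildcards % and _, so escape them and declare the escape character.
function like_contains(string $term): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
}

// $query is the decoded query string, e.g. $_GET on the real page.
function find_products(PDO $db, array $query): array
{
    $sql = "SELECT p.*, r.listprice, r.webprice, r.yousave
              FROM ceswebproducts p
              JOIN ceswebprices r ON p.partnumber = r.partnumber
             WHERE p.prodsection LIKE :item ESCAPE '!'
               AND p.prodtitle LIKE :inthere ESCAPE '!'
               AND p.prodline = :line";
    $stmt = $db->prepare($sql);
    // Values travel separately from the SQL text; nothing is concatenated.
    $stmt->execute([
        ':item'    => like_contains(trim((string)($query['item'] ?? ''))),
        ':inthere' => like_contains(trim((string)($query['inthere'] ?? ''))),
        ':line'    => trim((string)($query['line'] ?? '')),
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (assumption: column types are guesses, names are from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ceswebproducts (partnumber TEXT, prodsection TEXT, prodtitle TEXT, prodline TEXT)");
$db->exec("CREATE TABLE ceswebprices (partnumber TEXT, listprice REAL, webprice REAL, yousave REAL)");
$db->exec("INSERT INTO ceswebproducts VALUES
    ('X-1', 'Couplings', 'Straight coupling', 'Hydraulic Compression Fittings'),
    ('X-2', 'Clamps', 'Tube clamp', 'Hydraulic Compression Fittings')");
$db->exec("INSERT INTO ceswebprices VALUES ('X-1', 10.0, 8.0, 2.0), ('X-2', 5.0, 4.0, 1.0)");

// The same parameters as the menu link in the thread, already URL-decoded.
$link = ['item' => 'Couplings', 'inthere' => '', 'line' => 'Hydraulic Compression Fittings'];
print_r(array_column(find_products($db, $link), 'partnumber'));

// An edited link with quotes in it is bound as data rather than parsed as SQL.
$edited = ['item' => "Coup'lings", 'inthere' => '', 'line' => "x' OR '1'='1"];
var_dump(count(find_products($db, $edited)));
```

Links that are "hardwired" in the menu still arrive as ordinary GET parameters that anyone can edit in the address bar, which is why the values are bound rather than concatenated.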

