I want to make a script that changes pictures depending on the type . I am getting a error on Sql but i dont know what i am doing wrong

this is the script

function Pic($profilePic)
{   if($profilePic)
    {   
        $profile_pic=BASE_URL.UPLOAD_PATH.$profilePic;
    }
    else
    {
         $sql = "SELECT type FROM messages WHERE msg_id=".$_GET['msgID'];
        $db = getDB();
        $stmt = $db->query($sql);  
        $type = $stmt->fetchAll(PDO::FETCH_OBJ);
        if($type=='T')
        {
        $profile_pic=BASE_URL.'wall_icons/video_icon.png';
        }
        elseif($type=='F')
        {
            $profile_pic=BASE_URL.'wall_icons/profile-audio11.png';
        }
    }

    return $profile_pic;
}

Recommended Answers

All 25 Replies

Hi!

The method/function fetchAll() of the PDO library returns an array, which is an empty array if no rows are matched, what you want here is probably fetchColumn():

$type = $stmt->fetchColumn();

And you also want to use prepared statements: I know I repeat myself a lot on this subject, but it's really important, your current code is exposed to SQL injection, I could delete your entire database from there. Write it correctly also for the other users that will read this forum and take your code as example. Bye!

I am still getting a Sql error . You are right cereal i dont usually do that and i am going to post the correct answer it when i got this right.

I am still getting a Sql error

Which one? Type is a reserved word. Put backticks around it.

"text25":SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your
SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to
use near '' at line 1

Add backticks to type, as suggested by Pritaeas:

SELECT `type` FROM ...

still the same. I never used backtips in other working functions

The backtick is the operator used to define those objects known as identifiers: table names, columns, databases and to distinguish a column name, for example, from a reserved word. See: http://dev.mysql.com/doc/refman/5.7/en/identifiers.html

To test your query, open the mysql client and run:

\W -- to enable warnings
SELECT `type` FROM `messages` WHERE `msg_id` = 1;

If it runs fine, then see if $_GET['msg_id'] is set, because, otherwise, it's like sending this query:

SELECT `type` FROM `messages` WHERE `msg_id` = ;

Which will raise the same syntax error.

What are you using to build those links? Mod rewrite or a router? (Slim perhaps?)

If the rewrite rule defines msg_id then it will be accessible through that link, otherwise you have to append it /project/new/155?msg_id=123 or change the rule.

I use mod rewrite

when i manually put the id on the url then its ok... so it doesnt get the value of $_get

Ok, so the /155 segment should be the msg_id, correct? Can you show us the rewrite rules? Maybe you just need to point to another index, try to dump the $_GET array var_dump($_GET); to see what is set.

If I can suggest, consider to include a router into your application, something like nikic/FastRoute:

This is already in the Slim framework, and allows you to define a new link like this:

$app = new \Slim\App();
$app->get('/messages/{msg_id}/{another_var}', function($request, $response, $args) {
    echo $args['msg_id'] . ' ' . $args['another_var'];
});

Adding variables at that point becomes easy.

RewriteRule ^new/([0-9]+)$ new.php?msgID=$1
RewriteRule ^new/([0-9]+)/$new.php?msgID=$1
the thing is that i call the php fuction in a separate file that doesn't get the $_GET id. When i put the var_dump on the file that has the class that i call it says string(3) "155", when i put the var_dump on the file that i call all the functions it doesnt get anything

the thing is that i call the php fuction in a separate file that doesn't get the $_GET id

$_GET is a superglobal variable, so it's available in all the scopes of the script, even if you execute a function into an included script. Try $_GET['msgID'] as defined in the rewrite rule.

I know its superglobal thats why i am curious. I called It like that from the beggining

So, if you do:

/new/155/

With an ending slash it matches correctly? If the new.php file is in localhost/ try these:

RewriteRule ^project/new/([0-9]+)$ new.php?msgID=$1 [L,301]
RewriteRule ^project/new/([0-9]+)/$ new.php?msgID=$1 [L,301]

Otherwise, if it's in localhost/project/ and the .htaccess file is in the same path, remove the project token from the rewrite rules. You can test them here:

Consider also to set a RewriteBase to avoid issues with paths, if that is the problem.

both new.php and htacces are in the project folder. i didnt have directory for project anyway
and when i try this
RewriteRule ^new/([0-9]+)$ new.php?msgID=$1 [L,301]
RewriteRule ^new/([0-9]+)/$ new.php?msgID=$1 [L,301]

i am getting an 500 error

Server error!

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.

If you think this is a server error, please contact the webmaster.
Error 500
localhost

Ok and what is the error in the Apache error.log? It could be a loop, which could mean a missing rewrite condition, like:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

Used to avoid conflicts with existing files and directories. Now can you share the full rewrite rules and the relevant part of the new.php script?

[Sat Oct 29 14:31:17.659156 2016] [mpm_winnt:notice] [pid 512:tid 536] AH00418: Parent: Created child process 4296
[Sat Oct 29 14:31:18.789486 2016] [ssl:warn] [pid 4296:tid 596] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Oct 29 14:31:19.080691 2016] [ssl:warn] [pid 4296:tid 596] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Oct 29 14:31:19.152742 2016] [mpm_winnt:notice] [pid 4296:tid 596] AH00354: Child: Starting 150 worker threads.
[Sat Oct 29 14:53:12.814413 2016] [core:alert] [pid 4296:tid 1840] [client ::1:63108] C:/xampp/htdocs/project/.htaccess: RewriteRule: unknown flag '301', referer: http://localhost/project/index.php
[Sat Oct 29 14:53:18.751923 2016] [core:alert] [pid 4296:tid 1840] [client ::1:63110] C:/xampp/htdocs/project/.htaccess: RewriteRule: unknown flag '301', referer: http://localhost/project/login.php
[Sat Oct 29 14:53:32.523628 2016] [core:alert] [pid 4296:tid 1840] [client ::1:63113] C:/xampp/htdocs/project/.htaccess: RewriteRule: unknown flag '301', referer: http://localhost/project/login.php
[Sat Oct 29 14:53:35.935779 2016] [core:alert] [pid 4296:tid 1840] [client ::1:63114] C:/xampp/htdocs/project/.htaccess: RewriteRule: unknown flag '301', referer: http://localhost/project/login.php
[Sat Oct 29 14:55:04.230303 2016] [core:alert] [pid 4296:tid 1864] [client ::1:63365] C:/xampp/htdocs/project/.htaccess: RewriteRule: unknown flag '301', referer: http://localhost/project/login.php

these are the last errors on the apache log.

the only rewrite rule is the one i posted
and this that edits the page
RewriteRule ^editNew/([0-9]+)$ editNew.php?editMsgID=$1
RewriteRule ^editNew/([0-9]+)/$ editNew.php?editMsgID=$1

Ok, my mistake :) I forgot to prepend the correct flag, it's R=301:

RewriteRule ^new/([0-9]+)$ new.php?msgID=$1 [R=301,L]
RewriteRule ^new/([0-9]+)/$ new.php?msgID=$1 [R=301,L]

where R stands for Redirect:

STILL THE SAME
RewriteRule ^new/([0-9]+)$ new.php?msgID=$1[R=301,L]
RewriteRule ^new/([0-9]+)/$ new.php?msgID=$1[R=301,L]
the file that i have all the php functions is in a folder i call scripts. Thats where the function is maybe thats way i can't get the $_GET

To tell the truth, there is a space between the substitution and the flags:

RewriteRule ^new/([0-9]+)/?$ new.php?msgID=$1 [R=301,L]
           ↑                ↑                ↑
         space            space            space

What you returned is without the space. That rule works fine for me, so could you share the code of the new.php file? Because, I really don't have other suggestions right now.

commented: Gimme my spaces. +11

Hi Simon,

I think your issue is given by the configuration of your local Apache server. From what I have understood you are not configuring a VirtualHost for your project. You are simply creating a new directory (folder) into the document root of the default Apache host.

By doing this, you have to tell the rewrite engine to check the correct path before trying to apply the rewrite rules. For example, these will apply to the document root:

# first .htaccess
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^new/([0-9]+)/?$ new.php?msgID=$1 [L]
</IfModule>

So it will try to rewrite the url starting from //localhost/, instead, the following will apply to the project folder:

# second .htaccess
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /WallScript/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^new/([0-9]+)/?$ new.php?msgID=$1 [L]
</IfModule>

So, it will start from //localhost/WallScript/. It depends on the value assigned to the RewriteBase directive:

RewriteBase /WallScript/

Here an example of the folder structure:

/
├── functions.php
├── .htaccess
├── index.php
├── new.php
└── WallScript
    ├── .htaccess
    └── new.php

To recap: the first .htaccess applies to the /new.php file, i.e. the file placed in the document root, the second applies to the /WallScript/new.php file.

By default Apache inherits the .htaccess rules to the subfolders, so if the configuration allows it, you can avoid to write multiple .htaccess and place just one in the document root.

The R=301 flag that I suggested in my previous posts, was to test which file was really been executed, that will cause a redirect from:

//localhost/WallScript/new/10/

to:

//localhost/WallScript/new.php?msgID=10

so you can remove it without issues.

In order to help you better we have to understand which kind of setup you're using (e.g. VirtualHost vs folders), how the files are distributed in these folders and which rules you are really writing in the .htaccess: I have asked but you are showing only minimal information, just the lines that do the rewrite. Please understand that I don't know if you are defining the RewriteBase or other, or if there is something else that is conflicting with the rules or even if your Apache setup allows .htaccess rules or urls rewritings.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.