1

So I want to check if a post exists in the database, but I have some problems with redirection. This is my work so far:

echo '<br>';//the $row part tells the DB what post he's looking at
echo '<a href="comments.php?post_id='. $row['id'].'">View comments</a>';

This is the show comment button that leads to the section where you see the comments for the post.


<?php
require_once ('checkp.php');

I have it to require the post checking script once.


<?php
include ('variables.php');
//connects to DB
$dbc=mysql_connect($host,$user,$pass);


if ($dbc) {


 } else {

 echo ('Failed to connect to MySql; '. mysql_error());

 }


 //selects db from MySQl
 $sqldb=mysql_select_db('a2318052_blog');

 $pid=$_GET['post_id'];

 $query1="SELECT * FROM posts_b WHERE id='$pid'";
 $sql=mysql_query($query);

 if ($sql) {


 } else {

 echo "cant run query";

 }


 if (mysql_num_rows($sql) > 0) {

 echo "that post does not exist!";

 } else {

 header ("location: comments.php?post_id='. $pid.'");

 }

 ?>

And this is the script that checks for an empty result and then redirects back. I believe it's something with the redirect here (header ("location: comments.php?post_id='. $pid.'");)

Gumbo

4 Answers

1

You mixed the quotes on the redirect:

"location: comments.php?post_id='. $pid.'"

should be

"location: comments.php?post_id=". $pid

The dot in PHP is used to concatenate strings. But there you are opening the string with " and closing it with '.

EDIT: Also, as someone else already noticed, you're using query instead of query1. Also, I suppose instead of:

if (mysql_num_rows($sql) > 0) {

 echo "that post does not exist!";

you wanted something else:

if (mysql_num_rows($sql) == 0) {

 echo "that post does not exist!";
nowhere
0

You probably don't want single quotes around the post_id...

header ("location: comments.php?post_id=$pid");
putvande
Digital Chris
0
$query1="SELECT * FROM posts_b WHERE id='$pid'";
$sql=mysql_query($query);

You're using $query instead of $query1. That's probably the problem (along with the concatenation stuff other users have pointed out).

There's also a few other things, like I think you mixed up your if/else statement here:

if (mysql_num_rows($sql) > 0) {

 echo "that post does not exist!";

 } else {

 header ("location: comments.php?post_id='. $pid.'");

 }

Maybe you want the order to be reversed?


Also, you should look into avoiding SQL injection! Sending a query with a $GET variable is pretty dangerous, as users can manipulate the URL and send malicious queries.

$pid=$_GET['post_id'];

Prepared statements are ideal, but for now, you could use mysql_real_escape_string around your $GET variable. It stops people from sending queries you really don't want done.

Community
stephen
  • It works now, but when I use the require_once it gets me in a redirect loop... Do you know how to fix it? – Hugo Holmqvist Dec 19 '13 at 16:04
  • I'm thinking you want to change the redirect to something else. `header ("location: comments.php?post_id='. $pid.'");` that line pretty much just keeps going to itself over and over. You get to comments.php?post_id=x, and then it sends you to it again, and again, looped, if the comment is valid (and you've made the changes above). – stephen Dec 20 '13 at 01:13
0

First change pid

$pid = intval($_GET['post_id']); // for security

After that

if (mysql_num_rows($sql) == 0)
{
    echo "that post does not exist!";
}
else
{
    header("Location: comments.php?post_id=".$pid);
}
Artas
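
The prepared-statement advice and the redirect-loop comment above, combined in one added example (not code from the question or from any of the answers). It uses PDO instead of the mysql_* functions, which were removed in PHP 7; the in-memory SQLite database, the sample rows and the helper name resolve_post_id() are assumptions made so the script runs on its own.

```php
<?php
// Added example: validate post_id, then look it up with a prepared statement.
// Assumptions: PDO with the sqlite driver stands in for the MySQL database so
// the script runs offline; resolve_post_id() is a hypothetical helper name.

function resolve_post_id(PDO $db, $raw): ?int
{
    // Accept only a positive integer; anything else never reaches the query.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }
    // The value is bound as a parameter, not concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id FROM posts_b WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $found = $stmt->fetchColumn();
    return $found === false ? null : (int) $found;
}

// Constructed sample data: a posts_b table holding two posts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts_b (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts_b (id, title) VALUES (1, 'first'), (2, 'second')");

// Constructed inputs, as they could arrive in $_GET['post_id'].
$samples = ['1', '2', '99', 'abc', "1' OR '1'='1", '', null];
foreach ($samples as $raw) {
    $id = resolve_post_id($db, $raw);
    printf("%-16s => %s\n", var_export($raw, true), $id === null ? 'no such post' : "post $id");
}

// In comments.php the check would end the request instead of redirecting
// back to comments.php, which is what caused the loop:
//   $id = resolve_post_id($db, $_GET['post_id'] ?? null);
//   if ($id === null) { http_response_code(404); exit('That post does not exist!'); }
```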