2

im having problems with this code 

<?php
include '01.php';
include 'header.php';
$sql = "SELECT cat_id, cat_name, cat_description FROM categories WHERE cat_id = " . mysql_real_escape_string($_GET['id']) . "";

$result = mysql_query($sql);

if(!$result)
{
    echo 'The category could not be displayed, please try again later.' . mysql_error();
}
else
{
    if(mysql_num_rows($result) == 0)
    {
        echo 'This category does not exist.';
    }
    else
    {
        //display category data
        while($row = mysql_fetch_assoc($result))
        {
            echo '<h2>Topics in ′' . $row['cat_name'] . '′ category</h2>';
        }

        //do a query for the topics
        $sql = "SELECT  
                    topic_id,
                    topic_subject,
                    topic_date,
                    topic_cat
                FROM
                    topics
                WHERE
                    topic_cat = " . mysql_real_escape_string($_GET['id']);

        $result = mysql_query($sql);

        if(!$result)
        {
            echo 'The topics could not be displayed, please try again later.';
        }
        else
        {
            if(mysql_num_rows($result) == 0)
            {
                echo 'There are no topics in this category yet.';
            }
            else
            {
                //prepare the table
                echo '<table border="1">
                      <tr>
                        <th>Topic</th>
                        <th>Created at</th>
                      </tr>'; 

                while($row = mysql_fetch_assoc($result))
                {               
                    echo '<tr>';
                        echo '<td class="leftpart">';
                            echo '<h3><a href="topic.php?id=' . $row['topic_id'] . '">' . $row['topic_subject'] . '</a><h3>';
                        echo '</td>';
                        echo '<td class="rightpart">';
                            echo date('d-m-Y', strtotime($row['topic_date']));
                        echo '</td>';
                    echo '</tr>';
                }
            }
        }
    }
}

include 'footer.php';
?>

the error it gives me is this The category could not be displayed, please try again later.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 strong text ** $sql = "SELECT cat_id, cat_name, cat_description FROM categories WHERE keeps not working for some reasonstrong text** would really appreciate the help i dont know what to do anymore googled everywhere and tried different combinations but cant get the id from cat_id please help

Imagine Peace
  • 37
  • 6
  • what is an example url you are getting the $_GET['id';] from? – Matt Apr 27 '16 at 18:38
  • xxxxx.com/category.php?id – Imagine Peace Apr 27 '16 at 18:40
  • 1
    The `mysql_*` functions in PHP are deprecated and shouldn't be used. Please read [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) for information on why and what to replace them with. – Matt Raines Apr 27 '16 at 19:39
  • **WARNING**: If you're just learning PHP, please, do not learn the obsolete [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It's awful and has been removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) helps explain best practices. – tadman Apr 27 '16 at 19:45
  • thank you for the advice but i have less than 2 weeks for my final assignement (dont ask why) so i cant really redo most of the things – Imagine Peace Apr 27 '16 at 20:30

1 Answers1

0

seems you don't have proper quote. you should enclose the result of your mysql_real_escape_string($_GET['id']) inside ' like the sample below

"SELECT cat_id, cat_name, cat_description 
      FROM categories WHERE cat_id = '" . mysql_real_escape_string($_GET['id']) . "'";

if you want try to use a simplified query remember the quotes this way:

$sql= mysql_query("SELECT cat_id, cat_name, cat_description 
              FROM categories WHERE cat_id = '" .$id . "';");

but for debugging try 

var_dump($id); 

var_dump($sql);

and check if $id contain a proper value and $sql is correctly formed (try copy the resulting query and execute it in your console)

then if the query give you the right result in console this mean the resulting query is right..

PS the url should be 

xxxxx.com/category.php?id=1

remember to assign a value to your id

ScaisEdge
  • 131,976
  • 10
  • 91
  • 107
  • hmm tried it thanks the error didnt show up but for some reason the if code that echos this category doesnt exist pops up even though i have like tons of em already on the server – Imagine Peace Apr 27 '16 at 18:43
  • 1) for debugging try var_dump( mysql_real_escape_string($_GET['id'])) before the $sql and check if contain proper value .. 2) be sure the value you provided for query cat_id really match the value in db.. – ScaisEdge Apr 27 '16 at 18:45
  • i also tried this $sql = mysql_query("SELECT cat_id, cat_name, cat_description FROM categories WHERE cat_id = " .$id); and it says the query is empty any tips? – Imagine Peace Apr 27 '16 at 19:03
  • ive been trying to get this forum to work for like 8 hours now and my mind is totally messed up with this – Imagine Peace Apr 27 '16 at 19:09
  • NULL resource(5) of type (mysql result) heres the weird thing when i just use select from categories and use the rest of the code then it echo all the category names so the cat_id is faulty? – Imagine Peace Apr 27 '16 at 19:29
  • Then this mean you $id don't contain the expected value .. please post the exact url you getting the $_GET['id';] from? – ScaisEdge Apr 27 '16 at 19:32
  • Anyway i have update the answer be sure you assign a proper value to id in url eg: ?id=1 – ScaisEdge Apr 27 '16 at 19:34
  • xxxxxx.com/PHP/category.php?id is the url for some reason when i try to get to the topics – Imagine Peace Apr 27 '16 at 19:38
  • You must assign a proper value to id should be xxxxxx.com/PHP/category.php?id=2 – ScaisEdge Apr 27 '16 at 19:39
  • thank you for your support i solved the problem the guide that im using is a bit dated maybe 6 years and the solution is pretty idk screwed up $sql="SELECT cat_id, cat_name, cat_description FROM categories WHERE cat_id "; like thats it.... nothing else... and everything will popup... my head hurts but ty for your help – Imagine Peace Apr 28 '16 at 15:10
  • your answer helps me get the code working half way it works but there something bad in my code. i just had to change it to WHERE cat_id "; so my table will pop up i guess the rest of the code has a mistake in it – Imagine Peace Apr 28 '16 at 16:00
  • well if my answer is right and give you right solution or solved the error you showed is fair mark it as accepeted .. if my answer i swrong and don't help you obviously should rate negatively .. – ScaisEdge Apr 28 '16 at 16:25