Displaying entries from a database with PDO and URL Variables

Question

I've got a page that is passed a variable by the URL (video.php?video=VALUE) which is then used throughout the page to pull in various details about the video - title, a still, year etc.

I want to display a 404/error if an incorrect value or something not in the database is entered into the URL string, and display the page with corresponding values pulled from the database if the value is correct

At present I'm just trying to get the basic code down and have written the following...

<?php include("credentials.inc"); ?>    
<?php 
$video = $_GET['video']; 
$videodata = $pdo->prepare("SELECT * FROM video WHERE site url =:siteurl LIMIT 1"); // check db for :siteurl value

$videodata->bindParam(':siteurl', $_GET['video'], PDO::PARAM_STR); // bind site url to $_Get Value...

$videodata->execute(); // execute

if($videodata->rowCount()) { // If videodata [url string] returns data then... 
 echo '<b>hello world... this entry is there!</b>';
 } else {
 echo 'NO .... ITS NOT THERE';
 }

?>

I don't seem to be getting any errors, but at the same time nothing is happening and the page I'm getting back is simply blank.

Any pointers as to where am I going wrong with my code would be massively appreciated!

`video.php?id=VALUE` you mean `video.php?video=VALUE` right? You're also executing the wrong variable. Actually just do `$videodata->execute();` - Your `$videodata->execute([$video]);` should have thrown you an error, but you're not checking for errors, anywhere. — Funk Forty Niner, Jun 06 '16 at 18:25
you don't need `[$video]` in `$videodata->execute([$video]);` since you bound it previously. and you have a hanging `;` before the end of your php. awe @fred you updated your comment to include what i was typing. — cmorrissey, Jun 06 '16 at 18:29
@cmorrissey Yeah, that `execute()` parameter wasn't right, after closer inspection. Their code's failing them for a few reasons, that's IF their GET value as they state, is what's really being used. I hadn't seen yours. — Funk Forty Niner, Jun 06 '16 at 18:32
@Fred-ii- I did indeed mean `video.php?video=VALUE`... I've updated the code above and tried also updating it in my PHP document, but still getting the blank page. — hj8ag, Jun 06 '16 at 18:52
http://php.net/manual/en/pdo.error-handling.php --- http://php.net/manual/en/function.error-reporting.php — Funk Forty Niner, Jun 06 '16 at 18:55
@Fred-ii `Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'url =? LIMIT 1'` — hj8ag, Jun 06 '16 at 19:04

Funk Forty Niner · Accepted Answer · 2016-06-06T19:15:16.627

1

@Fred-ii Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'url =? LIMIT 1' – hj8ag"

You have a space in this column name:

WHERE site url
          ^ it hit a hole in the road

If that is the actual column's name, it needs to be ticked.

WHERE `site url`

Either that, or rename it to site_url with an underscore and in your table also.

Other syntax errors were previously noted in comments.

You should also make sure to use isset() or !empty() against the GET array and that it contains a value matching in your database.

I.e.:

if(isset($_GET['video'])){

    $video = $_GET['video'];

}
else {
    echo "Not set";
    }

edited Jun 06 '16 at 19:15

answered Jun 06 '16 at 19:05

Funk Forty Niner

74,450
15
68
141

Thank you for your answer! My `siteurl` is actually called `siteurl` in my database - I have a horrible feeling auto-correct worked it's magic here and added in the space (as it's just done twice before). Would the `isset()` function be used instead of the `->rowCount()` block? At the moment the script now seems to be working, but is throwing the `'NO...'` message even with data I know is in the database... – hj8ag Jun 06 '16 at 20:00
@hj8ag You're welcome. No, the isset is for the GET array which I made an edit to earlier. – Funk Forty Niner Jun 06 '16 at 21:00
1

@hj8ag Also look at another of my answers http://stackoverflow.com/a/22253579/1415724 to check if a row exists. A PDO method is in there. – Funk Forty Niner Jun 06 '16 at 21:06

Displaying entries from a database with PDO and URL Variables

1 Answers1