I'm trying to make the meta title, meta description and meta keywords dynamic in my application, so that each page contains its own data.

First, I inserted all the data in the database in a table called metatags.

Then, I would like to display this data from header.php.

Here is my code:

```php
<?php include "admin/functions.php"; ?>

<?php

  $url = basename($_SERVER['REQUEST_URI']);
  // get meta tag
  $metaqry = "SELECT * FROM metatags WHERE metatag_url = $url";
  $metares = mysqli_query($connection, $metaqry);
  $metadata = mysqli_fetch_assoc($metares);

?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title><?php echo $metadata['metatag_title']; ?></title>
    <meta
      name="description"
      content="<?php echo $metadata['metatag_description']; ?>"
    />
    <meta
      name="keywords"
      content="<?php echo $metadata['metatag_keywords']; ?>"
    />
    <!-- <meta name="viewport" content="width=device-width, initial-scale=1" /> -->
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
    <link
      rel="shortcut icon"
      type="image/x-icon"
      href="/projects/online-projects/clique-digitale-php/assets/img/favicon.ico"
    />

    <!-- Plugin css -->
    <!-- <link rel="stylesheet" href="assets/css/vendor/bootstrap.min.css"> -->

    <!-- Custom Style CSS -->
    <link rel="stylesheet" href="/projects/online-projects/clique-digitale-php/assets/css/style.css" />

  </head>
```

However, when I go to index.php, I get this error:

Fatal error: Uncaught mysqli_sql_exception: Unknown column 'index.php' in 'where clause' in C:\xampp\htdocs\projects\online-projects\clique-digitale-php\includes\header.php:8 Stack trace: #0 C:\xampp\htdocs\projects\online-projects\clique-digitale-php\includes\header.php(8): mysqli_query(Object(mysqli), 'SELECT * FROM m...') #1 C:\xampp\htdocs\projects\online-projects\clique-digitale-php\index.php(2): include('C:\xampp\htdocs...') #2 {main} thrown in C:\xampp\htdocs\projects\online-projects\clique-digitale-php\includes\header.php on line 8

Edit: I updated my code and used PDO:

```php
<?php

  // Page name taken from the request; treat it as untrusted input
  $url = basename($_SERVER['REQUEST_URI']);

  $metares = $connection->prepare("
    SELECT * FROM metatags
    INNER JOIN site_pages on site_pages.page_id = metatags.metatag_url
    WHERE site_pages.page_url = :url
  ");
  // Bind the value once, through execute(); a separate bindValue() call is redundant
  $metares->execute([
    'url' => $url
  ]);
  // fetch() returns false when no row matches; rowCount() is not reliable for SELECT
  $metadata = $metares->fetch(PDO::FETCH_ASSOC);

  $metatag_title = '';
  $metatag_description = '';
  $metatag_keywords = '';

  if ($metadata !== false) {
    $metatag_title = $metadata['metatag_title'];
    $metatag_description = $metadata['metatag_description'];
    $metatag_keywords = $metadata['metatag_keywords'];

  } else {
    // Fallback values; the index.php row could be fetched from the database instead
    $metatag_title = 'Agence Digitale - Clique Digitale';
    $metatag_description = 'Donnez à votre business la valeur qu\'il mérite !';
    $metatag_keywords = 'Agence Digitale';
  }

?>
```
  • 3
    You are open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized prepared statements instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) and [MySQLi](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even data from the database, [you are still at risk of corrupting your data](https://bobby-tables.com/). If this is a school project, it is the best time to learn how to do things right. – Jason K Apr 10 '23 at 13:15
  • 1
    In your debugging, examine the actual SQL code you're executing (the runtime value of `$metaqry`) and see if it matches what you expect. If it doesn't, what's different? Taking a step back... Now is a great time to start learning about prepared statements and query parameters, the use of which will help you have more control over your SQL code and avoid problems like this one. – David Apr 10 '23 at 13:18
  • Are you allowed to use DOM manipulation? You can Ajax and insert that PHP from simple PDO databases (as @JasonK stated) to convert your pages to your liking. – Anthony Pulse Apr 10 '23 at 13:19
  • @David: When I var_dump($metaqry), I get this message: string(52) "SELECT * FROM metatags WHERE metatag_url = index.php" – Sofiane Abou Abderrahim Apr 10 '23 at 13:30
  • 1
    @SofianeAbouAbderrahim: And does that SQL code match what you expect? If it doesn't, what's different and why? If it does, now is a good time to get started on some MySQL tutorials. Wrapping string values in quotes is an important part of the SQL language. (Note of course that making use of query parameters in prepared statements will allow the SQL engine to handle quoting for you so you don't have to do it yourself.) – David Apr 10 '23 at 13:32
  • @David: Yes, that SQL code matches what I expect. Indeed, I forgot to wrap the string value of `$url` in quotes, like this `'$url'`. Thank you. – Sofiane Abou Abderrahim Apr 10 '23 at 13:35
  • Except that you shouldn't do that because it's insecure and unreliable. **Always** use prepared statements and parameters to include outside data into your SQL statements. – ADyson Apr 10 '23 at 13:42
  • @ADyson: Yes, you are right. Can you show me in this case how to use prepared statements and parameters. I'll do it for this case. Then, I'll do it for the other queries thanks to that model. – Sofiane Abou Abderrahim Apr 10 '23 at 14:05
  • There are many places already online where you can learn this. [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) is one of them. – ADyson Apr 10 '23 at 14:07
  • @ADyson: Okay, I'll have a look at it. By the way, I was learning **MySQL** and **mysqli** first. Then, I was planning to learn **PDO**. So, that's why I didn't use prepared statements and parameters all the time in my application. However, I'm using an `escape()` function. – Sofiane Abou Abderrahim Apr 10 '23 at 14:15
  • It likely won't cover all cases. To be honest you'd be better to skip over mysqli and just go straight to PDO, it's easier to learn anyway – ADyson Apr 10 '23 at 14:17
  • @ADyson: Okay, anyways, I finished my mysqli project. So, I'll start PDO in a few days hopefully. – Sofiane Abou Abderrahim Apr 10 '23 at 14:19
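
As an added example (not code from the question or its comments), the script below contrasts the hand-quoted `'$url'` query discussed in the comments with a parameterized one, and HTML-encodes a title read back from the database before output. It assumes the `pdo_sqlite` extension and uses a constructed in-memory table whose column names follow the question's `metatags` table; the function names are hypothetical.

```php
<?php
// Constructed schema and rows in an in-memory SQLite database.
// The page uses MySQL; SQLite is an assumption so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE metatags (metatag_url TEXT, metatag_title TEXT)");
$db->exec("INSERT INTO metatags VALUES
           ('index.php', 'Home'), ('admin.php', 'Admin <b>area</b>')");

// Variant from the comments: the value is wrapped in quotes by hand,
// so quote characters inside $url become part of the SQL text.
function lookupConcatenated(PDO $db, string $url): array
{
    $sql = "SELECT metatag_title FROM metatags WHERE metatag_url = '$url'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the value is bound as data and never parsed as SQL.
function lookupPrepared(PDO $db, string $url): array
{
    $stmt = $db->prepare(
        "SELECT metatag_title FROM metatags WHERE metatag_url = :url"
    );
    $stmt->execute(['url' => $url]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal page name and one containing quote characters.
$inputs = ['index.php', "x' OR '1'='1"];

foreach ($inputs as $url) {
    printf("input: %s\n", $url);
    printf("  concatenated: %d row(s)\n", count(lookupConcatenated($db, $url)));
    printf("  prepared:     %d row(s)\n", count(lookupPrepared($db, $url)));
}

// Values read back from the database still need HTML-encoding before output.
$title = lookupPrepared($db, 'admin.php')[0];
echo '<title>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</title>\n";
```

With the second input the concatenated query matches every row in the table, while the prepared query matches none because the whole string is compared as a literal page name.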

0 Answers