Variable not being recognized

gwh

Hi everyone,

I have the following link on a page in my site:

The link is carrying two variable/value pairs and points to a controller file.

The value of the variables are captured via the following code block in the controller file:

if (isset ($_GET['subcatID']) && ($_GET['itemTypeID'])) {
	include_once(__ROOT__ . "/includes/db.inc.php");

$subcatID =  mysqli_real_escape_string($link, $_GET['subcatID']);
$itemTypeID =  mysqli_real_escape_string($link, $_GET['itemTypeID']);

The value of the $itemTypeID variable is used in the following WHERE clause in the sql query:

WHERE itemTypes.itemTypeID="$itemTypeID"'

When I test however, the browser isn't outputting anything. Although if I change the WHERE clause to the following it outputs everything correctly:

WHERE itemTypes.itemTypeID=3

It seems that for some reason it's not recognizing the value of the $itemTypeID variable.

The following is the full code in the controller:

<?php
 if ($_SERVER['HTTP_HOST'] != "new_site.com") { 
   define ('__ROOT__', $_SERVER['DOCUMENT_ROOT'] . '/new_site');
} else {
   define ('__ROOT__', $_SERVER['DOCUMENT_ROOT']);
}

include_once(__ROOT__ . "/includes/magicquotes.inc.php");

if (isset ($_GET['subcatID']) && ($_GET['itemTypeID'])) {
	include_once(__ROOT__ . "/includes/db.inc.php");

$subcatID =  mysqli_real_escape_string($link, $_GET['subcatID']);
$itemTypeID =  mysqli_real_escape_string($link, $_GET['itemTypeID']);

$select = 'SELECT
        items.itemID, 
        itemTitle, 
        itemSKULadies, 
        itemSKUMen, 
        itemDescLadies, 
        itemDescMen,  
        itemPriceBoth,
        itemPriceFemale,
        itemPriceMale,
        itemColoursBoth,
        itemColoursFemale,
        itemColoursMale,
        itemTypes.itemType,
    subcategories.subcategory,
        sizesMen.size AS Msize, 
        sizesLadies.size AS Lsize, 
        itemSwatchBoth,
        itemSwatchFemale,
        itemSwatchMale,
        itemImage';
$from	= ' FROM items
			LEFT JOIN sizesMen ON sizesMen.sizeMenID=items.sizeMenID 
      		LEFT JOIN sizesLadies ON sizesLadies.sizeLadiesID=items.sizeLadiesID
        	LEFT JOIN itemTypes ON itemTypes.itemTypeID=items.itemTypeID
			LEFT JOIN item_to_subcat ON item_to_subcat.itemID = items.itemID
			LEFT JOIN subcategories ON subcategories.subcatID = item_to_subcat.subcatID ';
$where 	= ' WHERE itemTypes.itemTypeID="$itemTypeID"';


$result = mysqli_query($link, $select . $from . $where);
if (!$result)
{
	$error = 'Error fetching items: ' . mysqli_error($link);
	include 'error.html.php';
	exit();
}


$items = array();

while ($row = mysqli_fetch_array($result))
{
 $items[] = array('itemTitle' => $row['itemTitle'], 'itemSKULadies' => $row['itemSKULadies'], 'itemSKUMen' => $row['itemSKUMen'], 'itemDescLadies' => $row['itemDescLadies'], 'itemDescMen' => $row['itemDescMen'], 'itemPriceBoth' => $row['itemPriceBoth'], 'itemPriceFemale' => $row['itemPriceFemale'], 'itemPriceMale' => $row['itemPriceMale'], 'itemColoursBoth' => $row['itemColoursBoth'], 'itemColoursFemale' => $row['itemColoursFemale'], 'itemColoursMale' => $row['itemColoursMale'], 'Lsize' => $row['Lsize'], 'Msize' => $row['Msize'], 'itemType' => $row['itemType'], 'itemSwatchBoth' => $row['itemSwatchBoth'], 'itemSwatchFemale' => $row['itemSwatchFemale'], 'itemSwatchMale' => $row['itemSwatchMale'], 'itemImage' => $row['itemImage']);
}

include 'catalogue.php';
exit();
}
?>

Does anyone know what might be happening?

Appreciate any help.

laserlight

The problem is that variables are not interpolated when they are embedded in single quoted strings. You should use double quoted strings instead, or use concatenation, or use sprintf().

Furthermore, in SQL, double quotes are used to quote identifiers, not strings.

gwh

laserlight;10943876 wrote:
The problem is that variables are not interpolated when they are embedded in single quoted strings. You should use double quoted strings instead, or use concatenation, or use sprintf().

Thanks for the reply,

I revised the SQL to the following and this has fixed the problem:

	$select = "SELECT
            items.itemID, 
            itemTitle, 
            itemSKULadies, 
            itemSKUMen, 
            itemDescLadies, 
            itemDescMen,  

            itemPriceBoth,
            itemPriceFemale,
            itemPriceMale,
            itemColoursBoth,
            itemColoursFemale,
            itemColoursMale,
            itemTypes.itemType,
			subcategories.subcategory,
            sizesMen.size AS Msize, 
            sizesLadies.size AS Lsize, 
            itemSwatchBoth,
            itemSwatchFemale,
            itemSwatchMale,
            itemImage";
	$from	= " FROM items
				LEFT JOIN sizesMen ON sizesMen.sizeMenID=items.sizeMenID 
          		LEFT JOIN sizesLadies ON sizesLadies.sizeLadiesID=items.sizeLadiesID
            	LEFT JOIN itemTypes ON itemTypes.itemTypeID=items.itemTypeID
				LEFT JOIN item_to_subcat ON item_to_subcat.itemID = items.itemID
				LEFT JOIN subcategories ON subcategories.subcatID = item_to_subcat.subcatID ";
	$where 	= " WHERE itemTypes.itemTypeID='$itemTypeID' && item_to_subcat.subcatID='$subcatID'";

Furthermore, in SQL, double quotes are used to quote identifiers, not strings.

I'm not sure what you mean here. Does that mean that my revised SQL is not well-formed?

laserlight

gwh wrote:
I'm not sure what you mean here. Does that mean that my revised SQL is not well-formed?

It is, as you now use single quotes to quote strings in the SQL statement 🙂

I was not aware that && could be used in SQL though; even if it is legal, perhaps AND would be more in line with usual practice.

gwh

I'll try AND instead of &&. Thanks again for the help.

gwh

I'm sorry to come back to this post but I wondered if I could ask a related question? If not I can post a new thread.

I have the following links in a menu on my home page which point to a controller file index.php:

    <div><a href="catalogue/business/index.php?subcatID=1&amp;itemTypeID=1"> item1 </a></div>
    <div><a href="catalogue/business/index.php?subcatID=1&amp;itemTypeID=2"> item2 </a></div>
    <div><a href="catalogue/business/index.php?subcatID=1&amp;itemTypeID=3"> item3 </a></div>

If I click on say the "item1" link, it will parse the code in index.php and then load an include file that will display the correct information for the particular slideshow. So the following code will load the template file:

include 'catalogue.php';
exit();

The problem is that since the template file was loaded from the controller file (index.php), it's now located in a different directory and therefore if I click on any other link (which are available in a sidebar menu) the path no longer works. So if I click on say 'item2' from this point, I get a page not found error.

I wondered if you could tell me if there's a workaround for this. I don't know if I need to use absolute links or whether there's another php solution.

Really appreciate any further advice.

johanafm

href="/catalogue/business/index.php?subcatID=1&amp;itemTypeID=1"

gwh

Thanks for the reply,

The home page that's calling the links is in a folder called business that sits in the root directory, ie.

mysite.com/business/home.php

So this home.php has the menu in it with the links. The following link (which is in home.php) is targeting a controller file 2 directories above it:

<div><a href="catalogue/business/index.php?subcatID=1&amp;itemTypeID=1"> Knitwear </a></div>

This controller file (index.php) is in a folder called business which is nested in a folder called catalogue which sits in the business directory (ie. the directory that holds home.php).

I tried putting in the forward slash so that the links looked like:

<div><a href="/catalogue/business/index.php?subcatID=1&amp;itemTypeID=1"> Knitwear </a></div>

but this didn't work. When I load home.php and then click on one of the links to go to the controller page, the address isn't complete so I get a page not found error. The following is what it loads:

http://localhost:8888/catalogue/corporate/index.php?subcatID=1&itemTypeID=3

So it's missing the 'mysite' part and also the directory called 'business'. When testing locally It should be:

http://localhost:8888//mysite/business/catalogue/corporate/index.php?subcatID=1&itemTypeID=2

Do you have any other suggestions?

johanafm

href="/mysite/business/catalogue/business/index.php?subcatID=1&amp;itemTypeID=1"