[RESOLVED] Passing Variable Failure

renobailey

I'm using PHP version 5.4.12.

In scribblings_main.php (all html code), there's this code:

<a href="display_story.php?serial=17">Jan 26</a>

It calls a page to display a newspaper story from a single record with 'serial number' of 17.

If I hard code that number in the display page ($serial = 17;) it works perfectly; if I attempt to pass the variable 'serial' and try to retrieve it on the display page with $serial = $_GET['serial'] ; I get this error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

Starting at line 1, and down to the $serial = $_GET['serial'] ; statement, there is this code:

<?php require_once('Connections/scribblings.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string ($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    

    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

I have no idea what the error tells me. Can anyone see how this block of code might be screwing things up?

Here is the rest of the code:

$serial = $_GET['serial'] ;
$serial = is_int($serial); 
mysql_select_db($database_scribblings, $scribblings);
$query_rsStory = "SELECT story FROM stories WHERE storyid = $serial";
$rsStory = mysql_query($query_rsStory, $scribblings) or die(mysql_error());
$row_rsStory = mysql_fetch_assoc($rsStory);
$totalRows_rsStory = mysql_num_rows($rsStory);

mysql_free_result($rsStory);
?>

bradgrafelman

Welcome to PHPBuilder! When posting PHP code, please use the board's [noparse]

..

[/noparse] bbcode tags as they make your code much easier to read and analyze. As for your issue...

First and foremost, Stop Using the MySQL Extension!

Next, take a look at these two lines:

$serial = $_GET['serial'] ;
$serial = is_int($serial);

Here, you're overwriting the actual value stored in $serial with the boolean return value of [man]is_int/man. Thus, $serial now contains boolean FALSE (since GET/POST data is always a string and thus [man]is_int/man will always return FALSE).

renobailey;11037783 wrote:
scribblings_main.php (all html code)

If it's "all html code," then why does it have a ".php" file extension? 😉

traq

Have you looked at the SQL this code generates?

Hint: [font=monospace]$serial[/font] is FALSE. ([man]is_int[/man] returns boolean -true or false- and GET params are strings, so you'll get false.)

edit — @ beat me to it

renobailey

bradgrafelman;11037785 wrote:
Welcome to PHPBuilder! When posting PHP code, please use the board's [noparse]
..
[/noparse] bbcode tags as they make your code much easier to read and analyze. As for your issue...

Sorry about that. Didn't notice the bbcode tags.

First and foremost, Stop Using the MySQL Extension!

Next, take a look at these two lines:
$serial = $_GET['serial'] ;
$serial = is_int($serial);
Here, you're overwriting the actual value stored in $serial with the boolean return value of [man]is_int/man. Thus, $serial now contains boolean FALSE (since GET/POST data is always a string and thus [man]is_int/man will always return FALSE).

If it's "all html code," then why does it have a ".php" file extension? 😉

Previously, it did contain PHP code, which I removed.

$serial = is_int($serial);
My bad. (Thought that ensured the variable was an integer, not text.) When I removed this, I get a blank screen.

How can I see my variable values?

bradgrafelman

renobailey;11037793 wrote:
When I removed this, I get a blank screen.

It's hard to tell what the full script actually looks like, but... does it actually contain any statements that would output data if no errors occurred? At first glance of your code above, it would appear the answer is no.

renobailey;11037793 wrote:
How can I see my variable values?

Well one simplistic way would be to simply [man]echo[/man]/[man]print[/man] them. A more useful way, however, might be to use a function like [man]var_dump/man to get more descriptive information about what a variable contains.

renobailey

Got it all straightened out. Thanks for your help!