
Could someone please help me out here?

I've been using the code below in some of my WordPress pages, but I've looked at it so long ago that I honestly can't remember how to debug it - go figure... The only thing that changed was the database.

It works like this:

  1. URL has parameter called id in this form: http://example.com/post?id=...
  2. Code checks if param is present, otherwise it redirects home.
  3. If the param is present, code gets the ID and compares it to the records in the MySQL database hosted by my ISP.
  4. Match gets used in an echo statement.
  5. A div on the page is activated.

Database Layout:

+-------+------------+------------+------------+------------+-------------------+
| id    | Naam       | Metgesel   | Kind1      | Kind2      | Email             |
+-------+------------+------------+------------+------------+-------------------+
| abc12 | Bobby      | Caily      | *          | *          | [email protected] |
| ...   | ...        | ...        | ...        | ...        | ...               |
+-------+------------+------------+------------+------------+-------------------+

ERROR ENCOUNTERED:

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/.../public_html/wp-content/plugins/insert-php-code-snippet/shortcode-handler.php(32) : eval()'d code on line 4 Invalid or no security key!

Code:

<script>
function invite(){
    document.getElementById('invite').style.display=(document.getElementById('invite').style.display=='block')?'none':'block'; 
}
</script>

<script>
function returnHome(){
    setTimeout(function () {window.location.href = 'http://example.com';},2000); 
}
</script>

$part = $_REQUEST['id'];

if(isset($_GET["id"])){
    $query = sprintf("SELECT * FROM `DATABASE`.`TABLE`
       WHERE idquack='$part'",
       mysql_real_escape_string($query));

    $result = mysql_query($query);
    if (!$result) {
        $message = 'Invalid or no security key';
        die($message);
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            if ($row['Metgesel'] != "*"){
                if ($row['Metgesel'] == "#"){
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . "Metgesel" . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                         echo '<h1>' . $row['Naam'] . " en " . "Metgesel" . "</h1>";
                    }
                } else{
                    if ($row['Kind1'] != "*"){
                        if ($row['Kind2'] != "*"){
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . ", " . $row['Kind1'] . " en " . $row['Kind2'] . "</h1>";
                        } else {
                            echo '<h1>' . $row['Naam'] . ", " . $row['Metgesel'] . " en " . $row['Kind1'] . "</h1>";
                        }
                    } else {
                        echo '<h1>' . $row['Naam'] . " en " . $row['Metgesel'] . "</h1>";
                    }
                }
            } else {
                echo '<h1>' . $row['Naam'] . "</h1>";
            }

            echo '<script>invite();</script>';
        }
    }

    mysql_free_result($result);
} else{
    echo 'Hold on tight - we\'re taking you home!';
    echo '<script>returnHome();</script>';
}

1 Answer


You'll want to change this line:

$query = sprintf("SELECT * FROM `DATABASE`.`TABLE`
       WHERE idquack='$part'",
       mysql_real_escape_string($query));

to this line:

$query = sprintf( "SELECT * FROM DATABASE.TABLE WHERE idquack='%s'", mysql_real_escape_string( $part ) );

Your error is due to the fact that you are passing the entire query itself into the mysql_real_escape_string function, and the sprintf() is looking for a variable... the line really doesn't make any sense as you have it, but the way I mentioned is a proper way to invoke it.

I didn't look through the rest of the code to see if there were any other issues, but try this first to remove the error you have given.


1 Comment

This works, thank you! I did what you suggested, and I've also created a connection to start off with - redundant, but safer.
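
The same lookup written with a PDO prepared statement, as an added example that is not code from the question or the answer; it goes beyond the escaping fix above, because the `mysql_*` functions used on this page were removed in PHP 7. It also rejects a non-string `id` (the "array given" case in the warning) and HTML-escapes the database values before they are echoed. Assumptions: the `pdo_sqlite` extension and PHP 7.4+, a hypothetical table name `guests`, hypothetical function names, and a key format of 1 to 32 letters and digits.

```php
<?php
// Added example with constructed data. In-memory SQLite keeps it runnable offline;
// for the MySQL database on the page only the DSN and credentials change.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // `guests` is a hypothetical table name; the columns follow the question
    $pdo->exec('CREATE TABLE guests (idquack TEXT PRIMARY KEY, Naam TEXT, Metgesel TEXT, Kind1 TEXT, Kind2 TEXT)');
    $pdo->exec("INSERT INTO guests VALUES ('abc12', 'Bobby', 'Caily', '*', '*')");
    return $pdo;
}

// Returns the matching row, or null when the key is missing, malformed or unknown.
function find_guest(PDO $pdo, $id): ?array
{
    // ?id[]=x arrives as an array, so check the type before anything else (assumed key format)
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9]{1,32}\z/', $id)) {
        return null;
    }
    // The value travels as a bound parameter and is never spliced into the SQL text
    $stmt = $pdo->prepare('SELECT Naam, Metgesel, Kind1, Kind2 FROM guests WHERE idquack = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Builds the heading with the same rules as the nested ifs in the question.
function guest_heading(array $row): string
{
    $names = [$row['Naam']];
    foreach (['Metgesel', 'Kind1', 'Kind2'] as $col) {
        if ($row[$col] === '*') {
            break; // first "*" ends the list, as in the original branches
        }
        $names[] = ($col === 'Metgesel' && $row[$col] === '#') ? 'Metgesel' : $row[$col];
    }
    // Escape every database value before it reaches the page
    $names = array_map(fn($n) => htmlspecialchars($n, ENT_QUOTES, 'UTF-8'), $names);
    $last = array_pop($names);
    return '<h1>' . ($names ? implode(', ', $names) . ' en ' . $last : $last) . '</h1>';
}

$pdo = make_demo_db();
// Constructed inputs: a valid key, an array-valued id, a key containing a quote
foreach (['abc12', ['abc12'], "abc'12"] as $input) {
    $row = find_guest($pdo, $input);
    echo $row ? guest_heading($row) : 'Invalid or no security key', PHP_EOL;
}
```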
