  1. #1

    Database pulling data it shouldn't be

    My database is returning data that it shouldn't be... can't figure out why:

    PHP Code:
    <?php
    if($_GET['films']=="catalog"){

    }
    else{
        $back_link = $_GET['films']!="" ? '<div class="project_back_link project_back_link_film"><a href="index.php?films">« Back to Films Main Page</a></div>' : '';
        $film_links="";
        require_once 'db_select.php';

        // Build the left-side menu from every row in `projects`.
        $films_result=mysqli_query($area51_db, "SELECT * FROM `projects`");
        while($films_row=mysqli_fetch_assoc($films_result)){
            // extract() turns every column of the row into a variable ($project_url, $project_synopsis, ...)
            extract($films_row);
            $film_links.='
        <div class="project_link"><a href="index.php?films='.$project_url.'">'.$project_title.'</a>'."\n".'
        <div class="project_release">('.$project_year.')</div>'."\n".'
        <div class="project_genre">('.$project_genre.')</div>'."\n".'
        </div>'."\n";
        }

        // Look up the single project named in the URL.
        if($_GET['films']!=""){
            $project_url=sanitize($area51_db, $_GET['films']);
            $project_result=mysqli_query($area51_db, "SELECT * FROM `projects` WHERE project_url='$project_url'");
            while($project_row=mysqli_fetch_assoc($project_result)){
                extract($project_row);
                $film_title=$project_title.' ('.$project_year.')';
            }
            $content2='<p class="bold">Synopsis:</p>'."\n".$project_synopsis;
        }
        else{
            $film_title='Current Feature Films';
        }

        $content='
    <div class="category_news_wrapper2">
    <div class="category_links2">
    <div class="category_links_title"><span class="category_title_text">Films</span></div>
    <div class="category_links_text2">
    '.$film_links.'
    '.$catalog_link.'
    '.$back_link.'
    </div>
    </div>
    <div class="news2">
    <div class="news_title2"><span class="category_title_text">Latest News</span></div>
    <div class="news_text2"></div>
    </div>
    </div>
    <div class="page_content_wrapper">
    <div class="page_content2">
    <div class="page_content_title"><span class="page_content_title_text">'.$film_title.'</span></div>
    <div class="page_content_text">
    <div class="page_content_text_positioner">
    '.$content2.'
    </div>
    </div>
    </div>
    </div>
    ';
    }
    ?>
    If I type in a nonsense word in the URL after films (i.e. index.php?films=asdfesgd), $content2='<p class="bold">Synopsis:</p>'."\n".$project_synopsis; returns the synopsis for the last row in the database, even though it should return nothing.

    Here's an example: http://www.area51entertainment.co/in...p?films=asdfgh this will display the synopsis for this page:
    http://www.area51entertainment.co/in...gentundercover
    Last edited by HDRebel88; 08-18-2012 at 07:52 AM.

  • #2
    Never mind... it was because I was using extract on the same data from two different queries, so the table column names from the query being used to generate the left-side menu bar were coming through into the content portion, and filling in the synopsis with the last row pulled to generate the menu bar.

    Got rid of the first extract, and now all is good:

    PHP Code:
    <?php
    if($_GET['films']=="catalog"){

    }
    else{
        $back_link = $_GET['films']!="" ? '<div class="project_back_link project_back_link_film"><a href="index.php?films">« Back to Films Main Page</a></div>' : '';
        $film_links="";
        require_once 'db_select.php';

        // Build the left-side menu; columns are read from $films_row directly, no extract().
        $films_result=mysqli_query($area51_db, "SELECT * FROM `projects`");
        while($films_row=mysqli_fetch_assoc($films_result)){
            $film_links.='
        <div class="project_link"><a href="index.php?films='.$films_row['project_url'].'">'.$films_row['project_title'].'</a>'."\n".'
        <div class="project_release">('.$films_row['project_year'].')</div>'."\n".'
        <div class="project_genre">('.$films_row['project_genre'].')</div>'."\n".'
        </div>'."\n";
        }

        // Look up the single project named in the URL.
        if($_GET['films']!=""){
            $project_url=sanitize($area51_db, $_GET['films']);
            $project_result=mysqli_query($area51_db, "SELECT * FROM `projects` WHERE project_url='$project_url'");
            while($project_row=mysqli_fetch_assoc($project_result)){
                extract($project_row);
                $film_title=$project_title.' ('.$project_year.')';
            }
            $content2='<p class="bold">Synopsis:</p>'."\n".$project_synopsis;
        }
        else{
            $film_title='Current Feature Films';
        }

        $content='
    <div class="category_news_wrapper2">
    <div class="category_links2">
    <div class="category_links_title"><span class="category_title_text">Films</span></div>
    <div class="category_links_text2">
    '.$film_links.'
    '.$catalog_link.'
    '.$back_link.'
    </div>
    </div>
    <div class="news2">
    <div class="news_title2"><span class="category_title_text">Latest News</span></div>
    <div class="news_text2"></div>
    </div>
    </div>
    <div class="page_content_wrapper">
    <div class="page_content2">
    <div class="page_content_title"><span class="page_content_title_text">'.$film_title.'</span></div>
    <div class="page_content_text">
    <div class="page_content_text_positioner">
    '.$content2.'
    </div>
    </div>
    </div>
    </div>
    ';
    }
    ?>

  • #3
    God Emperor Fou-Lu's Avatar
    And hence why you shouldn't use extract at all.
    Any handling that allows variable creation should be avoided due to creating debugging nightmares. These include extract (which can be prefixed mind you), global, variable variables, register globals, __set, etc. Effectively, anything that can create a variable without being explicitly defined.
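
Added example, not part of the original thread or the posters' code: the stale-variable leak described in posts #1 and #2, reproduced with constructed rows in place of the database, next to the prefixed `extract()` mentioned in post #3 and plain array access. `find_project()`, the three `synopsis_*` functions and the sample rows are hypothetical stand-ins for the `projects` table lookup.

```php
<?php
// Constructed sample rows standing in for the `projects` table.
$projects = [
    ['project_url' => 'alpha', 'project_synopsis' => 'Synopsis A'],
    ['project_url' => 'omega', 'project_synopsis' => 'Synopsis Z'],
];

// Hypothetical stand-in for the "WHERE project_url = ..." lookup.
function find_project(array $rows, string $url): ?array {
    foreach ($rows as $row) {
        if ($row['project_url'] === $url) return $row;
    }
    return null;
}

// Pattern from post #1: extract() in the menu loop, then again for the match.
function synopsis_with_extract(array $rows, string $url): ?string {
    foreach ($rows as $row) {
        extract($row);                // defines $project_synopsis for every menu row
    }
    $match = find_project($rows, $url);
    if ($match !== null) {
        extract($match);              // overwrites only when a row matched
    }
    return $project_synopsis ?? null; // on a miss: stale value from the last menu row
}

// extract() with a prefix keeps the two result sets apart, but the variables
// are still created implicitly.
function synopsis_prefixed(array $rows, string $url): ?string {
    foreach ($rows as $row) {
        extract($row, EXTR_PREFIX_ALL, 'menu');   // $menu_project_synopsis, ...
    }
    $match = find_project($rows, $url);
    if ($match !== null) {
        extract($match, EXTR_PREFIX_ALL, 'page'); // $page_project_synopsis, ...
    }
    return $page_project_synopsis ?? null;
}

// Explicit access: a value exists only if it was read from the matched row.
function synopsis_explicit(array $rows, string $url): ?string {
    $match = find_project($rows, $url);
    return $match === null ? null : $match['project_synopsis'];
}

foreach (['synopsis_with_extract', 'synopsis_prefixed', 'synopsis_explicit'] as $fn) {
    var_dump($fn($projects, 'asdfgh'), $fn($projects, 'alpha'));
}
```

For the unknown slug `asdfgh`, only `synopsis_with_extract()` returns a synopsis (the last menu row's); the other two return `null`, which the page can render as "not found".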

