Database pulling data it shouldn't be



HDRebel88
08-18-2012, 07:40 AM
My database is returning data that it shouldn't be... can't figure out why:



<?php
if($_GET['films']=="catalog"){

}
else{
    $back_link = $_GET['films']!="" ? '<div class="project_back_link project_back_link_film"><a href="index.php?films">&#171; Back to Films Main Page</a></div>' : '';
    $film_links="";
    require_once 'db_select.php';

    // Build the left-side menu from every row in `projects`.
    $films_result=mysqli_query($area51_db, "SELECT * FROM `projects`");
    while($films_row=mysqli_fetch_assoc($films_result)){
        extract($films_row); // imports each column ($project_url, $project_title, ...) as a variable
        $film_links.='
            <div class="project_link"><a href="index.php?films='.$project_url.'">'.$project_title.'</a>'."\n".'
            <div class="project_release">('.$project_year.')</div>'."\n".'
            <div class="project_genre">('.$project_genre.')</div>'."\n".'
            </div>'."\n";
    }

    // Look up the single project named in the URL.
    if($_GET['films']!=""){
        $project_url=sanitize($area51_db, $_GET['films']);
        $project_result=mysqli_query($area51_db, "SELECT * FROM `projects` WHERE project_url='$project_url'");
        while($project_row=mysqli_fetch_assoc($project_result)){
            extract($project_row);
            $film_title=$project_title.' ('.$project_year.')';
        }
        $content2='<p class="bold">Synopsis:</p>'."\n".$project_synopsis;
    }
    else{
        $film_title='Current Feature Films';
    }

    // Assemble the page markup.
    $content='
        <div class="category_news_wrapper2">
        <div class="category_links2">
        <div class="category_links_title"><span class="category_title_text">Films</span></div>
        <div class="category_links_text2">
        '.$film_links.'
        '.$catalog_link.'
        '.$back_link.'
        </div>
        </div>
        <div class="news2">
        <div class="news_title2"><span class="category_title_text">Latest News</span></div>
        <div class="news_text2"></div>
        </div>
        </div>
        <div class="page_content_wrapper">
        <div class="page_content2">
        <div class="page_content_title"><span class="page_content_title_text">'.$film_title.'</span></div>
        <div class="page_content_text">
        <div class="page_content_text_positioner">
        '.$content2.'
        </div>
        </div>
        </div>
        </div>
        ';
}
?>


If I type in a nonsense word in the URL after films (i.e., index.php?films=asdfesgd), $content2='<p class="bold">Synopsis:</p>'."\n".$project_synopsis; returns the synopsis for the last row in the database, even though it should return nothing.

Here's an example: http://www.area51entertainment.co/index.php?films=asdfgh this will display the synopsis for this page:
http://www.area51entertainment.co/index.php?films=agentundercover

HDRebel88
08-18-2012, 10:44 AM
Never mind... it was because I was using extract on the same data from two different queries, so the table column names from the query being used to generate the left-side menu bar were coming through into the content portion and filling in the synopsis with the last row pulled to generate the menu bar.

Got rid of the first extract, and now all is good:



<?php
if($_GET['films']=="catalog"){

}
else{
    $back_link = $_GET['films']!="" ? '<div class="project_back_link project_back_link_film"><a href="index.php?films">&#171; Back to Films Main Page</a></div>' : '';
    $film_links="";
    require_once 'db_select.php';

    // Build the left-side menu, reading each column from the row array by key.
    $films_result=mysqli_query($area51_db, "SELECT * FROM `projects`");
    while($films_row=mysqli_fetch_assoc($films_result)){
        $film_links.='
            <div class="project_link"><a href="index.php?films='.$films_row['project_url'].'">'.$films_row['project_title'].'</a>'."\n".'
            <div class="project_release">('.$films_row['project_year'].')</div>'."\n".'
            <div class="project_genre">('.$films_row['project_genre'].')</div>'."\n".'
            </div>'."\n";
    }

    // Look up the single project named in the URL.
    if($_GET['films']!=""){
        $project_url=sanitize($area51_db, $_GET['films']);
        $project_result=mysqli_query($area51_db, "SELECT * FROM `projects` WHERE project_url='$project_url'");
        while($project_row=mysqli_fetch_assoc($project_result)){
            extract($project_row);
            $film_title=$project_title.' ('.$project_year.')';
        }
        $content2='<p class="bold">Synopsis:</p>'."\n".$project_synopsis;
    }
    else{
        $film_title='Current Feature Films';
    }

    // Assemble the page markup.
    $content='
        <div class="category_news_wrapper2">
        <div class="category_links2">
        <div class="category_links_title"><span class="category_title_text">Films</span></div>
        <div class="category_links_text2">
        '.$film_links.'
        '.$catalog_link.'
        '.$back_link.'
        </div>
        </div>
        <div class="news2">
        <div class="news_title2"><span class="category_title_text">Latest News</span></div>
        <div class="news_text2"></div>
        </div>
        </div>
        <div class="page_content_wrapper">
        <div class="page_content2">
        <div class="page_content_title"><span class="page_content_title_text">'.$film_title.'</span></div>
        <div class="page_content_text">
        <div class="page_content_text_positioner">
        '.$content2.'
        </div>
        </div>
        </div>
        </div>
        ';
}
?>

Fou-Lu
08-18-2012, 04:49 PM
And hence why you shouldn't use extract at all.
Any handling that allows variable creation should be avoided due to creating debugging nightmares. These include extract (which can be prefixed mind you), global, variable variables, register globals, __set, etc. Effectively, anything that can create a variable without being explicitly defined.
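
The stale-variable leak diagnosed in this thread, reproduced without a database as an added example (not code from any poster). The sample rows, the find_projects() helper and the render_* function names are assumptions made for illustration; the three functions compare the leaky double extract(), explicit key access with a declared default, and the prefixed extract() mentioned above.

```php
<?php
// Constructed sample rows standing in for the `projects` table (not real data).
$projects = [
    ['project_url' => 'first-film',  'project_title' => 'First Film',  'project_synopsis' => 'Synopsis A'],
    ['project_url' => 'second-film', 'project_title' => 'Second Film', 'project_synopsis' => 'Synopsis B'],
];

// Hypothetical helper standing in for the "WHERE project_url = ..." query.
function find_projects(array $projects, string $url): array {
    return array_values(array_filter($projects, fn($row) => $row['project_url'] === $url));
}

// Leaky pattern from the thread: extract() in the menu loop, then again in the lookup.
function render_leaky(array $projects, string $requested): string {
    foreach ($projects as $row) {
        extract($row);                            // defines $project_synopsis for every menu row
    }
    foreach (find_projects($projects, $requested) as $row) {
        extract($row);                            // never runs when nothing matches
    }
    return $project_synopsis;                     // on no match, still the last menu row's value
}

// Explicit pattern: the output variable is declared and rows are read by key.
function render_explicit(array $projects, string $requested): string {
    $synopsis = '';                               // known default when no row matches
    foreach (find_projects($projects, $requested) as $row) {
        $synopsis = $row['project_synopsis'];
    }
    return $synopsis;
}

// If extract() has to stay, a prefix keeps the two queries' variables apart.
function render_prefixed(array $projects, string $requested): string {
    $page_project_synopsis = '';
    foreach ($projects as $row) {
        extract($row, EXTR_PREFIX_ALL, 'menu');   // creates $menu_project_synopsis, ...
    }
    foreach (find_projects($projects, $requested) as $row) {
        extract($row, EXTR_PREFIX_ALL, 'page');   // creates $page_project_synopsis, ...
    }
    return $page_project_synopsis;
}

// Compare a URL value with no matching row against one that matches.
foreach (['render_leaky', 'render_explicit', 'render_prefixed'] as $fn) {
    printf("%-16s no match: '%s'  match: '%s'\n", $fn, $fn($projects, 'asdfesgd'), $fn($projects, 'first-film'));
}
```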


