View Full Version : Using _GET function to grab SQL query string

12-07-2011, 07:54 AM
Sorry for creating a new thread but I'm trying to target the exact source of the problem I am having and each time, a new question comes up that I need to ask.

I have 2 sites: MMOCraze.com and RPGMax.com.

The error is occurring on RPGMax.com.

The error occurs on the page http://www.rpgmax.com/mmo/gamedirectory/gameprofile

MMOCraze has the same page but slightly different URL structure: http://www.mmocraze.com/game-directory/game-profile.

The game directory pages on both sites use the same template files with different databases. The information and structure in both databases are the same. On the game directory page for both sites, a loop is created to output a list of games stored in the database table. Each game in the list has a link that directs the user to the game's profile page.

The code to create that link is as follows:

<a href=http://www.rpgmax.com/mmo/gamedirectory/gameprofile/?gameId=" . $row['gameId'] . ">" . $row['gameName'] . "</a>

That's the code used on RPGMax. MMOCraze uses the exact same code with slight difference:

<a href=http://www.mmocraze.com/game-directory/game-profile/?gameId=" . $row['gameId'] . ">" . $row['gameName'] . "</a>

Both sites use the same _GET code and sql in their game profile pages:

$gameId = $_GET['gameId'];

$result = mysql_query("SELECT * FROM wp_rpgmax_games WHERE gameId=$gameId");

(MMOCraze uses wp_MMOCraze_games)

$row = mysql_fetch_array($result);

The sql usage in the html code...excerpt:

<h1>Official Site: <a href=" . $row['gameUrl'] . " target=_new>" . $row['gameName'] . "</a></h1>
<td align=left>
<img src=" . $row['gameLogoUrl'] . " alt='Game Logo' border='0' height=105></td>

MMOCraze works but not RPGMax. When you click on http://www.mmocraze.com/game-directory/game-profile/?gameId=XXX, it will take you to the game profile page with the gameId query attached. RPGMax isn't doing that. It fails to fetch the gameId query and goes straight to the game profile page with no data outputted.

Any ideas? That's the main problem...MMOCraze works but NOT RPGMax. MMOcraze returns an array but not RPGMax, which is weird because they use the same htaccess and same sql/php code.

Old Pedant
12-07-2011, 08:00 AM
Well, neither one of the URLs are the actual URLs of the pages that are doing the SQL.


You can see that neither one of those is actually specifying a PHP page.

Normally, you'd expect to see something like


So there are two possibilities I see:
(1) In both cases, those are just directories and you are then hitting the *default* page in the directory. Something like "default.php" or "index.php".
(2) You are using URL rewriting in Linux, and indeed the actual page maybe is something like


If the latter is the case, and if one of the URL rewrites *IS* taking into account the ?gameId and handling it correctly and the other URL rewriet is throwing away the ?gameId, then it would all make sense.

So...which is it? default page or url rewrites?

Old Pedant
12-07-2011, 08:06 AM
Hmmmm...I hit this page thus:


and it gets to your server and then *CHANGES* the URL to remove the ?gameId=989 !!

Whereas if I hit *this* page

it hits the server and *ALSO* changes the URL...but to this:


So yes, I think you have URL rewriting happening there.

Old Pedant
12-07-2011, 08:09 AM
If you know what the *actual* URL is, the one that that URL rewrite is taking us to, try using it directly and I'll bet it works.

12-07-2011, 08:30 AM
How would I get the actual url?

Both sites have the same htaccess files in their root files.

Their wordpress permalink settings have custom structure seo settings:

MMOCraze uses --> /%post_id%/%category%/%postname%/

RPGMax uses --> /%category%/%postname%/

Both sites use the game profile page as the target page but the code uses an sql query string to attach the gameId to the URL, hence the /?gameId=XXX where XXX is the gameID variable which gets replaced by the corresponding gameId in the database. _GET, I believe is a function that "gets" info from the inputting page and adds the info "inputted" into the browser url. I believe that input forms add "/?" to the browser URL when submitting info that has a target page using _GET. The sql string forces the ?/ into the URL and the _GET function on the target game profile page "gets" the gameId from the sql query and attaches it to the URL. That's how it should work...thats how MMOCraze works, I believe.

By the way, I tried the URL you had on my firefox browser (latest version), http://www.mmocraze.com/game-directory/game-profile/?gameId=989, and the server didn't change the URL for me...stayed the same.

Old Pedant
12-07-2011, 09:05 AM
$_GET["name"] looks in the query string (the part of the URL after the question mark) and tries to find name=value and, if found, returns the value.

So if you have a URL ending in "?gameID=17" that means the $_GET looks for "gameID=" and, when found, returns "17" (as a string, by the way, as all such values are strings).

To pass multiple name=value pairs in a query string you separate them with an ampersand.

So, for example "xyz.php?gameId=17&name=John" would allow your PHP code to do

$id = $_GET["gameId"];
$user = $_GET["name"];

Note that the PHP variable names have no direct relation ship to the $_GET names. You could have coded

$framitzammerzappen = $_GET["gemeId"];
$zyai188_8818BBcx = $_GET["name"];

If there is no name=value pair in the query string (in the URL after the ?) then when PHP tries to do $_GET["name"] it will get a null value. You can test that in PHP using isSet($_GET["name"])

SO...if your htaccess has a bug so that it rewrites the URL with passing along the stuff from the question mark onward, PHP will never be able to use $_GET. Simple as that.

I don't use Linux (did many years ago) and it would take me a while to figure out your htaccess settings, so I'd suggest that if you don't know how to fix them you find some Linux guru who does.

Old Pedant
12-07-2011, 09:06 AM
Oh, and I think I typoed on that one where I thought it changed ?gameID=989 to ?gameID?989

I tried it again with ?gameId=1 and it worked just fine.

But the URL that removed the ? completely continues to do so.

Old Pedant
12-07-2011, 09:08 AM
the code uses an sql query string to attach the gameId to the URL,

No, you have that backwards. It uses the query string to find out WHAT gameId to use with the SQL.