Event calendar not working, need to add filter but don't know


jonnyfortis
Forum Contributor
Posts: 462
Joined: Tue Jan 10, 2012 6:05 am

Post by jonnyfortis »

I have an event calendar from kublabs that I have adapted. The detail page shows the correct event based on filtering by the event_id.

But the problem I am having is that I have a query that sends the event to the shopping cart, but it is not selecting the correct variable. I don't know how to say I want the variable that has been passed by the calendar - event_id='$_GET[id]'

Code: Select all

<?
require_once("includes/config.php");
$db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error()); 
$db_select = mysql_select_db ($DBName) or die (mysql_error());
$db_table = $TBL_PR . "events";
 
 
$query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
$query_result = mysql_query ($query);
while ($info = mysql_fetch_array($query_result)){
    $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
    $time_array = split(":", $info['event_time']);
    $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
?>
 
//  *** Add item to Shopping Cart via link ***
$XC_AddLink1 = $_SERVER["PHP_SELF"];
if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
$XC_uniqueCol1="event_id";
if (isset($_GET["XC_AddId1"])) {
  $NewRS=mysql_query($query_rsEvent, $lotties) or die(mysql_error());
  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
  $XC_redirectTo = "../already-added.php";
  $XC_AddViaLinkRedirect = "../shopping-cart.php";
  $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
  $XC_BindingValues=array("event_id","1","event_title","event_price","" );
  $XC_BindingLimits=array("","","","","");
  $XC_BindingSources=array("","","","","");
  $XC_BindingOpers=array("","","","","");
  require_once('XCInc/AddToXCartViaLink.inc');
}
?>

I need to tell the
$XC_uniqueCol1="event_id";
to use the event_id='$_GET[id]'

in order to pass the correct information.

I should also include the fact that the // *** Add item to Shopping Cart via link *** is getting its information from a different SQL query.

Code: Select all

mysql_select_db($database_lot, $lot);
$query_rsEvent = sprintf("SELECT * FROM calendar_events WHERE event_title = %s", GetSQLValueString($colname_rsEvent, "text"));
$rsEvent = mysql_query($query_rsEvent, $lotties) or die(mysql_error());
$row_rsEvent = mysql_fetch_assoc($rsEvent);
$totalRows_rsEvent = mysql_num_rows($rsEvent);

I have tried assigning the query string to the variable

$XC_uniqueCol1="$_GET[id]";

but the link is showing a blank id

http://website.com/beta/kubelabs/event. ... XC_AddId1=

If I leave the script as is, it is sending the first record of the database

http://website.com/beta/kubelabs/event. ... _AddId1=13

For this to work it should be reading

http://website.com/beta/kubelabs/event. ... _AddId1=14
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Event calender not working, need to add filter but dont

Post by requinix »

Your post is all sorts of confusing. It looks like you've successfully opened yourself up to SQL injection by using $_GET["id"] and as far as I can tell that's working.

The best guess I have is that

Code: Select all

if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
you're not actually adding the ID in there and

Code: Select all

  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
you've hardcoded $ln=1 when you should be (?) using $_GET["id"].

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

$ln = "1";
This is just the quantity that is being passed.

Re: Event calender not working, need to add filter but dont

Post by requinix »

Hmm yes, that does make more sense.

Still, $XC_AddLink1 not including the ID is the best lead I have.

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

Still, $XC_AddLink1 not including the ID is the best lead I have.
How do you mean?

Re: Event calender not working, need to add filter but dont

Post by requinix »

Look at the code.

Code: Select all

if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
It adds the XC_AddId1= but it doesn't include the value. And I didn't see that variable get used anywhere. At all, which is probably not the case, so I can only conclude there's more code you haven't posted yet.

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

OK, here is all the code for the page

Code: Select all

<?php require_once('XCInc/XCaddLink.inc'); ?>
<?php require_once('../Connections/lot.php'); ?>
<?
require_once("includes/config.php");
$db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error());  
$db_select = mysql_select_db ($DBName) or die (mysql_error());
$db_table = $TBL_PR . "events";

$query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
$query_result = mysql_query ($query);
while ($info = mysql_fetch_array($query_result)){
    $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
    $time_array = split(":", $info['event_time']);
    $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// *** X Shopping Cart ***
$useSessions = true;
$XCName = "LotCart";
$XCTimeout = 30;
$XC_ColNames=array("ProductID","Quantity","Name","Price","Total");
$XC_ComputedCols=array("","","","","Price");
require_once('XCInc/XCart.inc');

mysql_select_db($database_lot, $lot);
$query_rsEvent = "SELECT * FROM calendar_events";
$rsEvent = mysql_query($query_rsEvent, $lot) or die(mysql_error());
$row_rsEvent = mysql_fetch_assoc($rsEvent);
$totalRows_rsEvent = mysql_num_rows($rsEvent);

//  *** Add item to Shopping Cart via link *** 
$XC_AddLink1 = $_SERVER["PHP_SELF"];
if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
$XC_uniqueCol1="event_id";
if (isset($_GET["XC_AddId1"])) {
  $NewRS=mysql_query($query_rsEvent, $lot) or die(mysql_error());
  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
  $XC_redirectTo = "../already-added.php";
  $XC_AddViaLinkRedirect = "../shopping-cart.php";
  $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
  $XC_BindingValues=array("event_id","1","event_title","event_price","");
  $XC_BindingLimits=array("","","","","");
  $XC_BindingSources=array("","","","","");
  $XC_BindingOpers=array("","","","","");
  require_once('XCInc/AddToXCartViaLink.inc');
}
?>

The link to the shopping cart is

Code: Select all

<a href="<?php echo $XC_AddLink1 . $row_rsEvent[$XC_uniqueCol1]; ?>" onmouseout="MM_nbGroup('out');" onmouseover="MM_nbGroup('over','addToCart_r2_c2_s1','../images/addToCart/addToCart_r2_c2_s2.gif','../images/addToCart/addToCart_r2_c2_s3.gif',1);" onclick="MM_nbGroup('down','navbar1','addToCart_r2_c2_s1','../images/addToCart/addToCart_r2_c2_s3.gif',1);"><img name="addToCart_r2_c2_s1" src="../images/addToCart/addToCart_r2_c2_s1.gif" width="107" height="11" border="0" id="addToCart_r2_c2_s1" alt="" /></a>

Do you want me to include the calendar page as well?

Re: Event calender not working, need to add filter but dont

Post by requinix »

You sure that's all to the file? There's a } missing.

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

You sure that's all to the file? There's a } missing.
Really??

I copied the page.

Re: Event calender not working, need to add filter but dont

Post by requinix »

Yeah: the while loop near the beginning isn't closed. That file shouldn't be running at all.

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

Let me check and post it again.

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

Here it is again. Is the } still missing?

Code: Select all

<?php require_once('XCInc/XCaddLink.inc'); ?>
<?php require_once('../Connections/lot.php'); ?>
<?
require_once("includes/config.php");
$db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error());  
$db_select = mysql_select_db ($DBName) or die (mysql_error());
$db_table = $TBL_PR . "events";

$query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
$query_result = mysql_query ($query);
while ($info = mysql_fetch_array($query_result)){
    $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
    $time_array = split(":", $info['event_time']);
    $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// *** X Shopping Cart ***
$useSessions = true;
$XCName = "LotCart";
$XCTimeout = 30;
$XC_ColNames=array("ProductID","Quantity","Name","Price","Total");
$XC_ComputedCols=array("","","","","Price");
require_once('XCInc/XCart.inc');

mysql_select_db($database_lot, $lot);
$query_rsEvent = "SELECT * FROM calendar_events";
$rsEvent = mysql_query($query_rsEvent, $lotties) or die(mysql_error());
$row_rsEvent = mysql_fetch_assoc($rsEvent);
$totalRows_rsEvent = mysql_num_rows($rsEvent);

//  *** Add item to Shopping Cart via link *** 
$XC_AddLink1 = $_SERVER["PHP_SELF"];
if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
$XC_uniqueCol1="event_id";
if (isset($_GET["XC_AddId1"])) {
  $NewRS=mysql_query($query_rsEvent, $lotties) or die(mysql_error());
  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
  $XC_redirectTo = "../already-added.php";
  $XC_AddViaLinkRedirect = "../shopping-cart.php";
  $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
  $XC_BindingValues=array("event_id","1","event_title","event_price","");
  $XC_BindingLimits=array("","","","","");
  $XC_BindingSources=array("","","","","");
  $XC_BindingOpers=array("","","","","");
  require_once('XCInc/AddToXCartViaLink.inc');
}
?>

Re: Event calender not working, need to add filter but dont

Post by requinix »

Yes, still missing. It doesn't look like you should have that loop in the first place, but more important is the fact that this script can't possibly run, suggesting that you're editing the wrong file(s).

Re: Event calender not working, need to add filter but dont

Post by jonnyfortis »

Yes, still missing. It doesn't look like you should have that loop in the first place, but more important is the fact that this script can't possibly run, suggesting that you're editing the wrong file(s).
Can you elaborate? Also, what should I be seeing if I try and run this?

Re: Event calender not working, need to add filter but dont

Post by requinix »

Parse error: syntax error, unexpected $end in /path/to/file on line 85
The table is named "events" and the field the query searches on is "event_id". I expect that field to be unique which means the query should only return one row (if any). Since there's just the one row a loop isn't really appropriate.
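
Added example, not part of the thread and not the poster's or the cart library's code: the event lookup discussed above done with a bound parameter instead of interpolating $_GET[id] into the SQL string, fetching the single row without a loop and building the XC_AddId1 link from that same row. It assumes PHP 7.1+ with PDO and the SQLite driver, uses a constructed two-row events table, and findEvent and addToCartLink are hypothetical helper names.

```php
<?php
// Added example (not from the thread). A constructed in-memory table stands in
// for the poster's MySQL "events" table; PDO + SQLite keeps it self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (event_id INTEGER PRIMARY KEY, event_title TEXT, event_price REAL)');
$pdo->exec("INSERT INTO events VALUES (13, 'Spring fair', 5.0), (14, 'Wine tasting', 12.5)");

/** Hypothetical helper: return the single event row for a request-supplied id, or null. */
function findEvent(PDO $pdo, $rawId): ?array
{
    // Accept only a positive integer; anything else is rejected before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT event_id, event_title, event_price FROM events WHERE event_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // event_id is unique: one fetch, no loop
    return $row === false ? null : $row;
}

/** Hypothetical helper: build the add-to-cart href from the row that was looked up. */
function addToCartLink(string $script, array $event): string
{
    $url = $script . '?' . http_build_query(['XC_AddId1' => $event['event_id']]);
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');   // safe inside href="..."
}

// Constructed request values standing in for $_GET['id'].
foreach (['14', "14' OR '1'='1", ''] as $rawId) {
    $event = findEvent($pdo, $rawId);
    echo var_export($rawId, true), ' => ',
        $event ? addToCartLink('/event.php', $event) : 'rejected', PHP_EOL;
}
```

Because the link is built from the row selected by the validated id, it carries the id of the event being viewed rather than the first row of an unfiltered query.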