
Event calendar not working, need to add filter but don't know

Posted: Wed Feb 20, 2013 8:14 am
by jonnyfortis
I have an event calendar from kublabs that I have adapted. The detail page shows the correct event based on filtering by the event_id.

But the problem I am having is that I have a query that sends the event to the shopping cart, but it is not selecting the correct variable. I don't know how to say that I want the variable that has been passed by the calendar - event_id='$_GET[id]'

Code:

<?
require_once("includes/config.php");
$db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error()); 
$db_select = mysql_select_db ($DBName) or die (mysql_error());
$db_table = $TBL_PR . "events";
 
 
$query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
$query_result = mysql_query ($query);
while ($info = mysql_fetch_array($query_result)){
    $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
    $time_array = split(":", $info['event_time']);
    $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
?>
 
//  *** Add item to Shopping Cart via link ***
$XC_AddLink1 = $_SERVER["PHP_SELF"];
if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
$XC_uniqueCol1="event_id";
if (isset($_GET["XC_AddId1"])) {
  $NewRS=mysql_query($query_rsEvent, $lotties) or die(mysql_error());
  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
  $XC_redirectTo = "../already-added.php";
  $XC_AddViaLinkRedirect = "../shopping-cart.php";
  $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
  $XC_BindingValues=array("event_id","1","event_title","event_price","" );
  $XC_BindingLimits=array("","","","","");
  $XC_BindingSources=array("","","","","");
  $XC_BindingOpers=array("","","","","");
  require_once('XCInc/AddToXCartViaLink.inc');
}
?>

I need to tell the
$XC_uniqueCol1="event_id";
to use the event_id='$_GET[id]'

in order to pass the correct information.

I should also include the fact that the // *** Add item to Shopping Cart via link *** section is getting its information from a different SQL query:

Code:

mysql_select_db($database_lot, $lot);
$query_rsEvent = sprintf("SELECT * FROM calendar_events WHERE event_title = %s", GetSQLValueString($colname_rsEvent, "text"));
$rsEvent = mysql_query($query_rsEvent, $lotties) or die(mysql_error());
$row_rsEvent = mysql_fetch_assoc($rsEvent);
$totalRows_rsEvent = mysql_num_rows($rsEvent);

I have tried assigning the query string to the variable

$XC_uniqueCol1="$_GET[id]";

but the link is showing a blank id:

http://website.com/beta/kubelabs/event. ... XC_AddId1=

If I leave the script "as is" it is sending the first record of the database:

http://website.com/beta/kubelabs/event. ... _AddId1=13

For this to work it should be reading:

http://website.com/beta/kubelabs/event. ... _AddId1=14

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 12:00 pm
by requinix
Your post is all sorts of confusing. It looks like you've successfully opened yourself up to SQL injection by using $_GET["id"] and as far as I can tell that's working.

The best guess I have is that

Code:

if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
you're not actually adding the ID in there and

Code:

  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
you've hardcoded $ln=1 when you should be (?) using $_GET["id"].

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 1:32 pm
by jonnyfortis
$ln = "1";
This is just the quantity that is being passed.

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 1:55 pm
by requinix
Hmm yes, that does make more sense.

Still, $XC_AddLink1 not including the ID is the best lead I have.

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 2:49 pm
by jonnyfortis
requinix wrote:
Still, $XC_AddLink1 not including the ID is the best lead I have.

How do you mean?

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 3:41 pm
by requinix
Look at the code.

Code:

if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
It adds the XC_AddId1= but it doesn't include the value. And I didn't see that variable get used anywhere. At all, which is probably not the case, so I can only conclude there's more code you haven't posted yet.

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 4:05 pm
by jonnyfortis
OK, here is all the code for the page:

Code:

<?php require_once('XCInc/XCaddLink.inc'); ?>
<?php require_once('../Connections/lot.php'); ?>
<?
require_once("includes/config.php");
$db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error());  
$db_select = mysql_select_db ($DBName) or die (mysql_error());
$db_table = $TBL_PR . "events";

$query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
$query_result = mysql_query ($query);
while ($info = mysql_fetch_array($query_result)){
    $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
    $time_array = split(":", $info['event_time']);
    $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// *** X Shopping Cart ***
$useSessions = true;
$XCName = "LotCart";
$XCTimeout = 30;
$XC_ColNames=array("ProductID","Quantity","Name","Price","Total");
$XC_ComputedCols=array("","","","","Price");
require_once('XCInc/XCart.inc');

mysql_select_db($database_lot, $lot);
$query_rsEvent = "SELECT * FROM calendar_events";
$rsEvent = mysql_query($query_rsEvent, $lot) or die(mysql_error());
$row_rsEvent = mysql_fetch_assoc($rsEvent);
$totalRows_rsEvent = mysql_num_rows($rsEvent);

//  *** Add item to Shopping Cart via link *** 
$XC_AddLink1 = $_SERVER["PHP_SELF"];
if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
$XC_uniqueCol1="event_id";
if (isset($_GET["XC_AddId1"])) {
  $NewRS=mysql_query($query_rsEvent, $lot) or die(mysql_error());
  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
  $XC_redirectTo = "../already-added.php";
  $XC_AddViaLinkRedirect = "../shopping-cart.php";
  $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
  $XC_BindingValues=array("event_id","1","event_title","event_price","");
  $XC_BindingLimits=array("","","","","");
  $XC_BindingSources=array("","","","","");
  $XC_BindingOpers=array("","","","","");
  require_once('XCInc/AddToXCartViaLink.inc');
}
?>

The link to the shopping cart is:

Code:

<a href="<?php echo $XC_AddLink1 . $row_rsEvent[$XC_uniqueCol1]; ?>" onmouseout="MM_nbGroup('out');" onmouseover="MM_nbGroup('over','addToCart_r2_c2_s1','../images/addToCart/addToCart_r2_c2_s2.gif','../images/addToCart/addToCart_r2_c2_s3.gif',1);" onclick="MM_nbGroup('down','navbar1','addToCart_r2_c2_s1','../images/addToCart/addToCart_r2_c2_s3.gif',1);"><img name="addToCart_r2_c2_s1" src="../images/addToCart/addToCart_r2_c2_s1.gif" width="107" height="11" border="0" id="addToCart_r2_c2_s1" alt="" /></a>

Do you want me to include the calendar page as well?

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 4:31 pm
by requinix
You sure that's all to the file? There's a } missing.

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 5:47 pm
by jonnyfortis
requinix wrote:
You sure that's all to the file? There's a } missing.

Really??

I copied the page.

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 6:08 pm
by requinix
Yeah: the while loop near the beginning isn't closed. That file shouldn't be running at all.

Re: Event calendar not working, need to add filter but don't

Posted: Wed Feb 20, 2013 6:10 pm
by jonnyfortis
Let me check and post it again.

Re: Event calendar not working, need to add filter but don't

Posted: Fri Feb 22, 2013 10:37 am
by jonnyfortis
Here it is again. Is the } still missing?

Code:

<?php require_once('XCInc/XCaddLink.inc'); ?>
<?php require_once('../Connections/lot.php'); ?>
<?
require_once("includes/config.php");
$db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error());  
$db_select = mysql_select_db ($DBName) or die (mysql_error());
$db_table = $TBL_PR . "events";

$query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
$query_result = mysql_query ($query);
while ($info = mysql_fetch_array($query_result)){
    $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
    $time_array = split(":", $info['event_time']);
    $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// *** X Shopping Cart ***
$useSessions = true;
$XCName = "LotCart";
$XCTimeout = 30;
$XC_ColNames=array("ProductID","Quantity","Name","Price","Total");
$XC_ComputedCols=array("","","","","Price");
require_once('XCInc/XCart.inc');

mysql_select_db($database_lot, $lot);
$query_rsEvent = "SELECT * FROM calendar_events";
$rsEvent = mysql_query($query_rsEvent, $lotties) or die(mysql_error());
$row_rsEvent = mysql_fetch_assoc($rsEvent);
$totalRows_rsEvent = mysql_num_rows($rsEvent);

//  *** Add item to Shopping Cart via link *** 
$XC_AddLink1 = $_SERVER["PHP_SELF"];
if (!isset($XC_newQS) || $XC_newQS == "") {
  $XC_AddLink1 .= "?XC_AddId1=";
} else {
  $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
}
$XC_uniqueCol1="event_id";
if (isset($_GET["XC_AddId1"])) {
  $NewRS=mysql_query($query_rsEvent, $lotties) or die(mysql_error());
  $ln = "1";
  $XC_rsName="rsEvent";
  $XC_uniqueCol = "XC_uniqueCol$ln";
  $XC_redirectTo = "../already-added.php";
  $XC_AddViaLinkRedirect = "../shopping-cart.php";
  $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
  $XC_BindingValues=array("event_id","1","event_title","event_price","");
  $XC_BindingLimits=array("","","","","");
  $XC_BindingSources=array("","","","","");
  $XC_BindingOpers=array("","","","","");
  require_once('XCInc/AddToXCartViaLink.inc');
}
?>

Re: Event calendar not working, need to add filter but don't

Posted: Fri Feb 22, 2013 12:22 pm
by requinix
Yes, still missing. It doesn't look like you should have that loop in the first place, but more important is the fact that this script can't possibly run, suggesting that you're editing the wrong file(s).

Re: Event calendar not working, need to add filter but don't

Posted: Fri Feb 22, 2013 1:01 pm
by jonnyfortis
requinix wrote:
Yes, still missing. It doesn't look like you should have that loop in the first place, but more important is the fact that this script can't possibly run, suggesting that you're editing the wrong file(s).

Can you elaborate? Also, what should I be seeing if I try and run this?

Re: Event calendar not working, need to add filter but don't

Posted: Fri Feb 22, 2013 1:07 pm
by requinix
Parse error: syntax error, unexpected $end in /path/to/file on line 85
The table is named "events" and the field the query searches on is "event_id". I expect that field to be unique which means the query should only return one row (if any). Since there's just the one row a loop isn't really appropriate.
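The two points requinix raises, the interpolated $_GET[id] being an SQL injection and the unique event_id needing a single fetch rather than a while loop, shown together in an added example that is not the thread's code: the detail lookup done with PDO and a bound integer parameter, plus the add-to-cart link built with the id the original left empty after XC_AddId1=. It assumes the $DBHost/$DBName/$DBUser/$DBPass/$TBL_PR variables from includes/config.php and the PHP_SELF-based link of the original; loadEvent and addToCartLink are names chosen here.

```php
<?php
// Added example, not the thread's code. Config variables come from the
// poster's includes/config.php; table and column names are the thread's own.
require_once 'includes/config.php';

function loadEvent(PDO $pdo, string $table, int $eventId): ?array
{
    // Prepared statement: the id travels as a bound integer, never as SQL text.
    // $table is config-derived ($TBL_PR . 'events'), not user input.
    $stmt = $pdo->prepare("SELECT * FROM `$table` WHERE event_id = :id LIMIT 1");
    $stmt->bindValue(':id', $eventId, PDO::PARAM_INT);
    $stmt->execute();
    // event_id is unique, so there is at most one row: fetch once, no loop.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function addToCartLink(string $self, int $eventId, string $newQS = ''): string
{
    // Same shape as the thread's $XC_AddLink1, but the id is actually appended
    // (the original stopped at "XC_AddId1=") and is URL-encoded.
    $qs = $newQS === '' ? '' : $newQS . '&';
    return $self . '?' . $qs . 'XC_AddId1=' . rawurlencode((string) $eventId);
}

// Reject anything that is not a positive integer before it reaches the database.
$eventId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($eventId === false || $eventId === null) {
    http_response_code(400);
    exit('Invalid event id');
}

$pdo = new PDO("mysql:host=$DBHost;dbname=$DBName;charset=utf8mb4", $DBUser, $DBPass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

$info = loadEvent($pdo, $TBL_PR . 'events', $eventId);
if ($info === null) {
    http_response_code(404);
    exit('No such event');
}

// Same date/time formatting as the original; explode() replaces the removed split().
$m = (int) $info['event_month']; $d = (int) $info['event_day']; $y = (int) $info['event_year'];
$date = date('l, jS F Y', mktime(0, 0, 0, $m, $d, $y));
[$hour, $minute] = array_map('intval', explode(':', $info['event_time'])) + [0, 0];
$time = date('g:ia', mktime($hour, $minute, 0, $m, $d, $y));

// Link for this event's own id; wrap in htmlspecialchars() when echoing into href.
$XC_AddLink1 = addToCartLink($_SERVER['PHP_SELF'], (int) $info['event_id']);
```

With id=14 in the query string the link now ends in XC_AddId1=14 for that event, and a value such as 14' OR 1=1 is rejected by the integer filter before any query runs.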