Page 1 of 1

sql query returns "none" though there are some rec

Posted: Mon Apr 21, 2003 2:27 pm
by minds_gifts
Hello,

I'm deleting sub-topics and before that I want to check if there are any articles present under this sub-topic.If there are any, the sub-topic is not deleted else it gets deleted.
I tried to delete the sub-topics and ir-respective of the articles present under each sub-topic, the sub-topic gets deleted.
I tried to debug and it always returns "there are none"

Could somebody please take a look at the part of my code where the problem would be.

Code: Select all

// if you have chosen subtopics to delete 
if(isset($HTTP_POST_VARS['action'])){ 
   $qry3="SELECT SUBTOPIC_ID FROM subtopic WHERE SUBTOPIC_ID='".$HTTP_POST_VARS['SUBTOPIC_ID']."'"; 
   $result_3=mysql_query($qry3) or die(mysql_error()); 
// begin the query  
   $subtopic_id=$HTTP_POST_VARS['SUBTOPIC_ID'];
   echo $subtopic_id; 
   $result_sub=mysql_query("SELECT * FROM articles WHERE SUBTOPIC_ID='$subtopic_id' ");
   if (mysql_numrows($result_sub)>0)
     echo "there is more than zero";
   else
     echo "there are none";

   $qry4 = "DELETE FROM subtopic WHERE SUBTOPIC_ID IN('" . implode("','", $HTTP_POST_VARS['to_delete']) . "')";

   while($row_4=mysql_fetch_row($result_sub)){ 
      if(isset($HTTP_POST_VARS[$row_4->SUBTOPIC_ID])){  
// the checkboxes were named for the subtopic_id 
         $qry4 .= "OR SUBTOPIC_ID=".$row_4->SUBTOPIC_ID; 
// add this subtopic to the query string 
      } 
   } 
   mysql_query($qry4) or die(mysql_error()); 
}

Thought

Posted: Thu Apr 24, 2003 5:49 pm
by thomas777neo
Try and replace your '".$HTTP_POST_VARS['SUBTOPIC_ID']."'" variable with a static variable e.g. 1. I have a feeling it has something to with that.

After doing that, echo all yout SQL statements and run them one by one in your database to see what the problem is.

I'm pretty new to all this, so if this help is insulting-> I only tried to help

Enjoy

Posted: Fri Apr 25, 2003 6:15 am
by Wayne

Code: Select all

if (mysql_numrows($result_sub)>0)

this should be

Code: Select all

if (mysql_num_rows($result_sub)>0)

Posted: Fri Apr 25, 2003 6:19 am
by []InTeR[]
Why are you doing

Code: Select all

$qry3="SELECT SUBTOPIC_ID FROM subtopic WHERE SUBTOPIC_ID='".$HTTP_POST_VARSї'SUBTOPIC_ID']."'"; 
   $result_3=mysql_query($qry3) or die(mysql_error()); 
// begin the query  
   $subtopic_id=$HTTP_POST_VARSї'SUBTOPIC_ID'];
If the subtopic_id is not vailid, the next query will give no result.
So they can't 'hack' your program that way.