I have a site working locally fine with PHP

Local php version = PHP Version 4.4.3
Live version = Version 4.3.2


Ive then moved the site live to test and I keep getting the following
error

Couldn't execute query

code is as follows.

$query = "select * from categories where parentid = $catid";
$result = mysql_query($query) or die ("Couldn't execute query");
$numofrows = mysql_num_rows($result);
for($i = 0; $i < $numofrows; $i++) {
$row = mysql_fetch_array($result);
echo "<div class=\"boxfront\">";
echo "<div class=\"thumbimage\"><a
href=\"list_items.php?catid=".$row['catid']."\" class=\"a\"><img
src=\"upload/".$row['image']."\" border=\"0\"></a></div>";
echo "<div class=\"thumbtitle\"><a
href=\"list_items.php?catid=".$row['catid']."\"
class=\"a\">".$row['catname']."</a></div>";
echo "</div>";
// end constant menu
}

Dave Nash wrote:
> I have a site working locally fine with PHP
>
> Local php version = PHP Version 4.4.3
> Live version = Version 4.3.2
>
>
> Ive then moved the site live to test and I keep getting the following
> error
>
> Couldn't execute query
>
> code is as follows.
>
> $query = "select * from categories where parentid = $catid";
> $result = mysql_query($query) or die ("Couldn't execute query");

Hi Dave,

Try to get some more information about the error by using mysql_error():

$result = mysql_query($query) or die ("Couldn't execute query: " .
mysql_error());

Ruben.

On Thu, 11 Jan 2007 11:48:43 +0100, Peter van Schie
<vanschie.peter [at] gmail.com> wrote:

>Dave Nash wrote:
>> I have a site working locally fine with PHP
>>
>> Local php version = PHP Version 4.4.3
>> Live version = Version 4.3.2
>>
>>
>> Ive then moved the site live to test and I keep getting the following
>> error
>>
>> Couldn't execute query
>>
>> code is as follows.
>>
>> $query = "select * from categories where parentid = $catid";
>> $result = mysql_query($query) or die ("Couldn't execute query");
>
>Hi Dave,
>
>Try to get some more information about the error by using mysql_error():
>
>$result = mysql_query($query) or die ("Couldn't execute query: " .
>mysql_error());
>
>Ruben.

Thanks ruben.

it says.

Couldn't execute query: You have an error in your SQL syntax near ''
at line 1

But i cant seem to find the error.
I tried the same sql query directly on the live db and it wors fine.

????

Dave Nash wrote:


> Couldn't execute query: You have an error in your SQL syntax near ''
> at line 1
>
> But i cant seem to find the error.
> I tried the same sql query directly on the live db and it wors fine.
>
> ????

Hi Dave,

Same question as for the other thread: can you echo the query and post
the exact query here?

Ruben.

On Thu, 11 Jan 2007 12:16:22 +0100, Ruben van Engelenburg
<nospam [at] nospam.com> wrote:

>Dave Nash wrote:
>
>
>> Couldn't execute query: You have an error in your SQL syntax near ''
>> at line 1
>>
>> But i cant seem to find the error.
>> I tried the same sql query directly on the live db and it wors fine.
>>
>> ????
>
>Hi Dave,
>
>Same question as for the other thread: can you echo the query and post
>the exact query here?
>
>Ruben.


$query = "select * from categories WHERE parentid = $catid";
$result = mysql_query($query) or die ("Couldn't execute query: " .
mysql_error());
echo "$query";

Table is categories

CATID
PARENTID

Im trying to show all categories where the PARENTID value is the same
as the CATID value.

But it does work fine locally.

Dave Nash wrote:

> $query = "select * from categories WHERE parentid = $catid";
> $result = mysql_query($query) or die ("Couldn't execute query: " .
> mysql_error());
> echo "$query";
>
> Table is categories
>
> CATID
> PARENTID
>
> Im trying to show all categories where the PARENTID value is the same
> as the CATID value.

It could be that the variable $catid is empty, causing the query to be
invalid.
I'm not sure where $catid is being set in your script because you didn't
post that part, hence my question to echo the $query var.

Ruben.

On Thu, 11 Jan 2007 12:57:00 +0100, Ruben van Engelenburg
<nospam [at] nospam.com> wrote:

>Dave Nash wrote:
>
>> $query = "select * from categories WHERE parentid = $catid";
>> $result = mysql_query($query) or die ("Couldn't execute query: " .
>> mysql_error());
>> echo "$query";
>>
>> Table is categories
>>
>> CATID
>> PARENTID
>>
>> Im trying to show all categories where the PARENTID value is the same
>> as the CATID value.
>
>It could be that the variable $catid is empty, causing the query to be
>invalid.
>I'm not sure where $catid is being set in your script because you didn't
>post that part, hence my question to echo the $query var.
>
>Ruben.

CATID is being passed via a url

list_subs.php?catid=53

So catid should always be there.

Dave Nash wrote:

> On Thu, 11 Jan 2007 12:57:00 +0100, Ruben van Engelenburg
> <nospam [at] nospam.com> wrote:
>
> > Dave Nash wrote:
> >
> >> $query = "select * from categories WHERE parentid = $catid";
> >> $result = mysql_query($query) or die ("Couldn't execute query: " .
> >> mysql_error());
> >> echo "$query";
> >>
> >> Table is categories
> >>
> >> CATID
> >> PARENTID
> >>
> >> Im trying to show all categories where the PARENTID value is the
> same >> as the CATID value.
> >
> > It could be that the variable $catid is empty, causing the query to
> > be invalid.
> > I'm not sure where $catid is being set in your script because you
> > didn't post that part, hence my question to echo the $query var.
> >
> > Ruben.
>
> CATID is being passed via a url
>
> list_subs.php?catid=53
>
> So catid should always be there.

Sure, if register_globals is set to "on" on both the local and live
servers. Rather, get used to using $_GET["catid"] instead of $catid.

--
Kim André Akerĝ
- kimandre [at] NOSPAMbetadome.com
(remove NOSPAM to contact me directly)

Kim André Akerĝ wrote:
> Dave Nash wrote:
>
>> On Thu, 11 Jan 2007 12:57:00 +0100, Ruben van Engelenburg
>> <nospam [at] nospam.com> wrote:
>>
>>> Dave Nash wrote:
>>>
>>>> $query = "select * from categories WHERE parentid = $catid";
>>>> $result = mysql_query($query) or die ("Couldn't execute query: " .
>>>> mysql_error());
>>>> echo "$query";
>>>>
>>>> Table is categories
>>>>
>>>> CATID
>>>> PARENTID
>>>>
>>>> Im trying to show all categories where the PARENTID value is the
>> same >> as the CATID value.
>>> It could be that the variable $catid is empty, causing the query to
>>> be invalid.
>>> I'm not sure where $catid is being set in your script because you
>>> didn't post that part, hence my question to echo the $query var.
>>>
>>> Ruben.
>> CATID is being passed via a url
>>
>> list_subs.php?catid=53
>>
>> So catid should always be there.
>
> Sure, if register_globals is set to "on" on both the local and live
> servers. Rather, get used to using $_GET["catid"] instead of $catid.

As most web-hotels are turning off register_globals (which is the default
nowadays in PHP), it's better to go with that $_GET than the other way around,
but of course if downloading examples from the net, there is the problem with
those codes that they used to be written for php3 or early php4 and there
seems to be many who don't know this, which leads to threads like this one.

It's sad that the authors of those examples don't update the code and see to
that those who host them gets the new code.

--

//Aho

..oO(Kim André Akerĝ)

>Sure, if register_globals is set to "on" on both the local and live
>servers. Rather, get used to using $_GET["catid"] instead of $catid.

But _never_ use that directly in a query without validation.
Google for SQL injection.

Micha

On 11 Jan 2007 12:12:09 GMT, Kim André Akerĝ
<kimandre [at] NOSPAMbetadome.com> wrote:

>Dave Nash wrote:
>
>> On Thu, 11 Jan 2007 12:57:00 +0100, Ruben van Engelenburg
>> <nospam [at] nospam.com> wrote:
>>
>> > Dave Nash wrote:
>> >
>> >> $query = "select * from categories WHERE parentid = $catid";
>> >> $result = mysql_query($query) or die ("Couldn't execute query: " .
>> >> mysql_error());
>> >> echo "$query";
>> >>
>> >> Table is categories
>> >>
>> >> CATID
>> >> PARENTID
>> >>
>> >> Im trying to show all categories where the PARENTID value is the
>> same >> as the CATID value.
>> >
>> > It could be that the variable $catid is empty, causing the query to
>> > be invalid.
>> > I'm not sure where $catid is being set in your script because you
>> > didn't post that part, hence my question to echo the $query var.
>> >
>> > Ruben.
>>
>> CATID is being passed via a url
>>
>> list_subs.php?catid=53
>>
>> So catid should always be there.
>
>Sure, if register_globals is set to "on" on both the local and live
>servers. Rather, get used to using $_GET["catid"] instead of $catid.

regsiter globals is set to 'off' on the live server.
Ive just changed it using .htaccess and it works fine now. thanks
everyone for your help.

On Thu, 11 Jan 2007 13:20:34 +0100, Michael Fesser <netizen [at] gmx.de>
wrote:

>.oO(Kim André Akerĝ)
>
>>Sure, if register_globals is set to "on" on both the local and live
>>servers. Rather, get used to using $_GET["catid"] instead of $catid.
>
>But _never_ use that directly in a query without validation.
>Google for SQL injection.
>
>Micha

Im assuming that this change to register globals wouldnt affect my
previous post " DB Cuts of Data"

Still cant work out this issue.

..oO(Dave Nash)

>regsiter globals is set to 'off' on the live server.
>Ive just changed it using .htaccess and it works fine now.

You should fix your script instead! It's broken and insecure, providing
an easy way to wreak havoc on your database.

Micha

Message-ID: <vtacq25rp6c3jkv4stof4hm0ba0s6ng73k [at] 4ax.com> from Dave Nash
contained the following:

>
>Im assuming that this change to register globals wouldnt affect my
>previous post " DB Cuts of Data"

You should have changed the code rather than turning register globals
on. Yes it probably was causing the problem with your previous code.
--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011

Michael Fesser wrote:
> .oO(Dave Nash)
>
>> regsiter globals is set to 'off' on the live server.
>> Ive just changed it using .htaccess and it works fine now.
>
> You should fix your script instead! It's broken and insecure, providing
> an easy way to wreak havoc on your database.
>
> Micha

I have to agree with Micha on this. Never set register_globals to on and
fix the script instead. This way your script is a portal for database abuse.

Ruben.