Good day. I am writing an online store, following a course that I found on the Internet. At one point I hit a snag. Products from the database are displayed in full in all categories. The cat and type variables in the URL are not captured (for example: ../viewCat.php?cat=canon&type=laserCartridge):

    $cat = $_GET['cat'];
    $cat = strip_tags($cat);
    $cat = mysql_real_escape_string($cat);
    $cat = trim($cat);
    $type = $_GET['type'];
    $type = strip_tags($type);
    $type = mysql_real_escape_string($type);
    $type = trim($type);
    if (!empty($cat) && !empty($type)) {
        $querycat = "AND brand = '$cat' AND type_product = '$type'";
    } else {
        if (!empty($type)) {
            $querycat = "AND type_product = '$type'";
        } else {
            $querycat = "";
        }
    }
    $result = mysql_query("SELECT * FROM products WHERE visible = '1' $querycat ORDER BY $sorting", $link);

  • How did you find out that it does not capture them? Did you look through print_f? - webDev_
  • @Konstantin, judging by the mysql_ functions, your course has long been outdated and it's time to send it to the dump. - Visman
  • <pre> $cat = $_GET['cat']; $cat = strip_tags($cat); $cat = mysql_real_escape_string($cat); $cat = trim($cat); $type = $_GET['type']; $type = strip_tags($type); $type = mysql_real_escape_string($type); $type = trim($type); if (!empty($cat) && !empty($type)) { $querycat = "AND brand = '$cat' AND type_product = '$type'"; } else { if (!empty($type)) { $querycat = "AND type_product = '$type'"; } else { $querycat = ""; } } print_f($querycat); $result = mysql_query("SELECT * FROM products WHERE visible = '1' $querycat ORDER BY $sorting", $link); </pre> - Konstantin
  • Inserted print_f($querycat); before $result - displays nothing? - Konstantin
  • printf($querycat); before $result does not give any result. In the previous example there was an incorrect function, print_f; there should have been an error of the undefined kind, but nothing happened. What could it be all the same, and in which direction should I look? - Konstantin

1 answer

This should help you figure out what is being captured and what is not:

    $cat = $_GET['cat'];
    $cat = strip_tags($cat);
    $cat = mysql_real_escape_string($cat);
    $cat = trim($cat);
    $type = $_GET['type'];
    $type = strip_tags($type);
    $type = mysql_real_escape_string($type);
    $type = trim($type);
    if (!empty($cat) && !empty($type)) {
        $querycat = "AND brand='$cat' AND type_product='$type'";
    } else {
        if (!empty($type)) {
            $querycat = "AND type_product='$type'";
        } else {
            $querycat = "";
        }
    }
    // Dump the raw request values and the resulting WHERE fragment
    echo "<pre>"; var_dump($_GET['cat']); echo "</pre>";
    echo "<pre>"; var_dump($_GET['type']); echo "</pre>";
    echo "<pre>"; var_dump($querycat); echo "</pre>";
    // Stop here so that only the debug output is rendered
    die();
    $result = mysql_query("SELECT * FROM products WHERE visible='1' $querycat ORDER BY $sorting", $link);
  • Try to answer not only for those who ask questions, and comment on some sections of the code to make it easier to evaluate the answer - Vanya Avchyan
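
An added example, not part of the original thread: the same optional cat/type filter written with PDO prepared statements instead of the removed mysql_ functions, with the ORDER BY value taken from an allowlist because it cannot be bound as a parameter. The table and column names come from the question; the `name` and `price` columns, the `sort` parameter, the sample rows and the in-memory SQLite database are assumptions, and unlike the question's code each filter is applied independently.

```php
<?php
// Added example with constructed data; assumes the pdo_sqlite extension is loaded.

function findProducts(PDO $pdo, array $get): array
{
    $where  = ["visible = '1'"];
    $params = [];

    // Each filter is optional; values travel as bound parameters, never as SQL text.
    foreach (['cat' => 'brand', 'type' => 'type_product'] as $key => $column) {
        $raw   = $get[$key] ?? '';
        $value = is_string($raw) ? trim($raw) : '';   // ignore cat[]=... style arrays
        if ($value !== '') {
            $where[]         = "$column = :$key";
            $params[":$key"] = $value;
        }
    }

    // Column names cannot be bound, so map the request value onto a fixed
    // allowlist (assumed columns) and fall back to a default for anything else.
    $sortable = ['name' => 'name', 'price' => 'price'];
    $sort     = $get['sort'] ?? '';
    $orderBy  = (is_string($sort) && isset($sortable[$sort])) ? $sortable[$sort] : 'name';

    $sql  = 'SELECT * FROM products WHERE ' . implode(' AND ', $where) . " ORDER BY $orderBy";
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (name TEXT, price REAL, brand TEXT, type_product TEXT, visible TEXT)');
$pdo->exec("INSERT INTO products VALUES
    ('Sample cartridge A', 12.5, 'canon', 'laserCartridge', '1'),
    ('Sample cartridge B', 9.0,  'canon', 'inkCartridge',   '1'),
    ('Sample cartridge C', 14.0, 'hp',    'laserCartridge', '1')");

// Same parameters as the URL in the question, plus a sort value outside the allowlist.
$rows = findProducts($pdo, ['cat' => 'canon', 'type' => 'laserCartridge', 'sort' => 'not_a_column']);
var_dump(array_column($rows, 'name'));
// No parameters at all: every visible product is returned.
var_dump(count(findProducts($pdo, [])));
```

With `PDO::ERRMODE_EXCEPTION` set, a failing query raises an exception instead of silently returning false, which also helps when a page shows no output at all.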