fetch data in wordpress page resulting in page not found

Status
Not open for further replies.

thep1

IS-IT--Management
Oct 8, 2012
25
US
Hello,
I created a template page in WordPress and want to get data from a MySQL DB table. When I pass the parameter in the search box I get a Page NOT Found error.

Here is the code in my template page:

Code:
<?php /*Template Name: ReportSearch-5 */

get_header(); ?>

	<?php do_action( 'spacious_before_body_content' ); ?>

	<div id="primary">
		<div id="content" class="clearfix">
			<?php while ( have_posts() ) : the_post(); ?>

				<?php get_template_part( 'content', 'page' ); ?>
					 
                     <form method="get" action="reportsearch2.php">
                     <input type="text" name="FetchReport" placeholder="Enter Report # To Search">
					 <input type="submit" value="Search" id="mySearch">
                     </form>
                   
<!-- Report Search code here  -->                  
                     <?php
					 
					 
$results = $wpdb->get_results( "SELECT * FROM wp_ilabs_reportsearch where reportnumber=' $_GET[FetchReport] '" ); // Query to fetch data from database table and storing in $results
if(!empty($results))                        // Checking if $results have some values or not
{    
    echo "<table width='100%' border='0'>"; // Adding <table> and <tbody> tag outside foreach loop so that it wont create again and again
    echo "<tbody>";      
    foreach($results as $row){   
    $userip = $row->user_ip;               //putting the user_ip field value in variable to use it later in update query
    echo "<tr>";                           // Adding rows of table inside foreach loop
    echo "<th>ID</th>" . "<td>" . $row->report . "</td>";
    echo "</tr>";
    echo "<td colspan='2'><hr size='1'></td>";
    echo "<tr>";        
    echo "<th>User IP</th>" . "<td>" . $row->cushape . "</td>";   //fetching data from user_ip field
    echo "</tr>";
    echo "<td colspan='2'><hr size='1'></td>";
    echo "<tr>";        
    echo "<th>Post ID</th>" . "<td>" . $row->col . "</td>";
    echo "</tr>";
    echo "<td colspan='2'><hr size='1'></td>";
    echo "<tr>";        
    echo "<th>Time</th>" . "<td>" . $row->cla . "</td>";
    echo "</tr>";
    echo "<td colspan='2'><hr size='1'></td>";
    }
    echo "</tbody>";
    echo "</table>"; 

}
?>
              
                     
                     
                     
                     
				<?php
					do_action( 'spacious_before_comments_template' );
					// If comments are open or we have at least one comment, load up the comment template
					if ( comments_open() || '0' != get_comments_number() )
						comments_template();
	      		do_action ( 'spacious_after_comments_template' );
				?>

			<?php endwhile; ?>

		</div><!-- #content -->
	</div><!-- #primary -->

	<?php spacious_sidebar_select(); ?>

	<?php do_action( 'spacious_after_body_content' ); ?>

<?php get_footer(); ?>

If I remove the $_GET[FetchReport] and add a value that exists in the table then I get records, but I am trying to get the value by providing a search in the input textbox.

when i input value in search textbox and click Search button i get
I don't know much about WordPress so I don't know if this is a WordPress issue or code. Hopefully someone can point out what I am doing wrong. I checked out so many videos and samples on PHP but in this case it's not working for me.
 
Found the solution.

Had to change the Permalinks to "Post name"

and changed the code for these 2 lines:

Code:
<form method="get">

$results = $wpdb->get_results( "SELECT * FROM wp_ilabs_reportsearch where reportnumber= $_GET[FetchReport] " );

 
Hi

thep1 said:
$results = $wpdb->get_results( "SELECT * FROM wp_ilabs_reportsearch where reportnumber= $_GET[FetchReport] " );

That is an invitation for Bobby Tables. I suggest reading the linked site; it explains in simple terms why not to do it like that and how to do it instead. (Or just search the web for "sql injection"; there are tons of sites about the subject.)


Feherke.
feherke.github.io
 
Thanks for that advice, feherke. Pretty scary stuff.

Now my question is, what approach should I take to accomplish this? I am not too familiar with PHP and MySQL stuff. Is there some example you or someone can provide?
 
Hi

I am not familiar with WordPress, so just based on what the Bobby Tables site suggests for WordPress and the official documentation of wpdb::get_results() and wpdb::prepare():
Code:
$results = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_ilabs_reportsearch where reportnumber= %s", $_GET['FetchReport']));

Feherke.
feherke.github.io
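
The fix discussed in this thread, pulled together as an added example (not code from either poster): the report lookup through wpdb::prepare(), with input checks before the query and escaping on output. It assumes it runs inside a WordPress page template; the function names ilabs_find_reports() and ilabs_render_reports() and the 64-character limit are hypothetical.

```php
<?php
/**
 * Added example, not from the thread. Assumes WordPress is loaded, so
 * wp_unslash(), sanitize_text_field() and esc_html() exist.
 * Function names are hypothetical.
 */
function ilabs_find_reports( $wpdb, $raw ) {
    // Reject missing or non-string input such as ?FetchReport[]=x.
    if ( ! is_string( $raw ) ) {
        return array();
    }
    // WordPress adds slashes to $_GET; remove them, then trim and strip tags.
    $report_number = sanitize_text_field( wp_unslash( $raw ) );
    if ( '' === $report_number || strlen( $report_number ) > 64 ) { // assumed limit
        return array();
    }
    // %s makes prepare() quote and escape the value, so the SQL text
    // never contains anything the visitor typed. Use %d for an integer column.
    $sql = $wpdb->prepare(
        'SELECT report, cushape, col, cla FROM wp_ilabs_reportsearch WHERE reportnumber = %s',
        $report_number
    );
    return $wpdb->get_results( $sql );
}

function ilabs_render_reports( array $rows ) {
    // Labels and columns as in the original template.
    $labels = array( 'report' => 'ID', 'cushape' => 'User IP', 'col' => 'Post ID', 'cla' => 'Time' );
    $html   = "<table width='100%' border='0'><tbody>";
    foreach ( $rows as $row ) {
        foreach ( $labels as $column => $label ) {
            // Escape on output: database content is not trusted HTML.
            $html .= '<tr><th>' . esc_html( $label ) . '</th><td>'
                . esc_html( (string) $row->$column ) . '</td></tr>';
        }
        $html .= "<tr><td colspan='2'><hr size='1'></td></tr>";
    }
    return $html . '</tbody></table>';
}

// In the template, in place of the original query and echo loop:
global $wpdb;
$raw  = isset( $_GET['FetchReport'] ) ? $_GET['FetchReport'] : null;
$rows = ilabs_find_reports( $wpdb, $raw );
if ( ! empty( $rows ) ) {
    echo ilabs_render_reports( $rows );
}
```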
 