#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    70
    Rep Power
    4

    Event calendar link to checkout not working


    I have an event calendar from Kubelabs that I have adapted. The calendar is working fine, and when you select an event it takes you to the detail page, and this shows the correct event based on filtering the event_id.

    But the problem I am having is that I have a query that sends the event to the shopping cart, but it is not selecting the correct variable. I don't know how to say I want the variable that has been passed by the calendar - event_id='$_GET[id]', I believe.

    PHP Code:
    <?
    require_once("includes/config.php");
    $db_connection = mysql_connect ($DBHost, $DBUser, $DBPass) OR die (mysql_error());
    $db_select = mysql_select_db ($DBName) or die (mysql_error());
    $db_table = $TBL_PR . "events";

    $query = "SELECT * FROM $db_table WHERE event_id='$_GET[id]' LIMIT 1";
    $query_result = mysql_query ($query);
    while ($info = mysql_fetch_array($query_result)){
        $date = date ("l, jS F Y", mktime(0,0,0,$info['event_month'],$info['event_day'],$info['event_year']));
        $time_array = split(":", $info['event_time']);
        $time = date ("g:ia", mktime($time_array['0'],$time_array['1'],0,$info['event_month'],$info['event_day'],$info['event_year']));
    ?>
    <?
    //  *** Add item to Shopping Cart via link ***
    $XC_AddLink1 = $_SERVER["PHP_SELF"];
    if (!isset($XC_newQS) || $XC_newQS == "") {
      $XC_AddLink1 .= "?XC_AddId1=";
    } else {
      $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
    }
    $XC_uniqueCol1="event_id";
    if (isset($_GET["XC_AddId1"])) {
      $NewRS=mysql_query($query_rsEvent, $lotties) or die(mysql_error());
      $ln = "1";
      $XC_rsName="rsEvent";
      $XC_uniqueCol = "XC_uniqueCol$ln";
      $XC_redirectTo = "../already-added.php";
      $XC_AddViaLinkRedirect = "../shopping-cart.php";
      $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
      $XC_BindingValues=array("event_id","1","event_title","event_price","" );
      $XC_BindingLimits=array("","","","","");
      $XC_BindingSources=array("","","","","");
      $XC_BindingOpers=array("","","","","");
      require_once('XCInc/AddToXCartViaLink.inc');
    }
    ?>
    I think I need to tell the

    PHP Code:
    $XC_uniqueCol1="event_id";
    to use the event_id='$_GET[id]'
    in order to pass the correct information.

    I should also include the fact that the // *** Add item to Shopping Cart via link *** is getting its information from a different SQL query:

    PHP Code:
    mysql_select_db($database_lot, $lot);
    $query_rsEvent = sprintf("SELECT * FROM calendar_events WHERE event_title = %s", GetSQLValueString($colname_rsEvent, "text"));
    $rsEvent = mysql_query($query_rsEvent, $lotties) or die(mysql_error());
    $row_rsEvent = mysql_fetch_assoc($rsEvent);
    $totalRows_rsEvent = mysql_num_rows($rsEvent);
    I have tried

    PHP Code:
    $XC_uniqueCol1="$_GET[id]"
    I have tried this in different variants but it returns an empty result.

    If I leave it as it was, it sends the first record in the database to the cart:

    http://site.com/beta/kubelabs/event.php?id=14&XC_AddId1=13

    id 13 being the first record in the DB.

    PHP Code:
    $XC_AddLink1 = $_SERVER["PHP_SELF"];
    if (!isset($XC_newQS) || $XC_newQS == "") {
      $XC_AddLink1 .= "?XC_AddId1=";
    } else {
      $XC_AddLink1 .= "?" . $XC_newQS . "&XC_AddId1=";
    }
    $XC_uniqueCol1="event_id";
    if (isset($_GET["XC_AddId1"])) {
      $NewRS=mysql_query($query_rsEvent, $lotties) or die(mysql_error());
      $ln = "1";
      $XC_rsName="rsEvent";
      $XC_uniqueCol = "XC_uniqueCol$ln";
      $XC_redirectTo = "../already-added.php";
      $XC_AddViaLinkRedirect = "../shopping-cart.php";
      $XC_BindingTypes=array("RS","LITERAL","RS","RS","NONE");
      $XC_BindingValues=array("event_id","1","event_title","event_price","" );
      $XC_BindingLimits=array("","","","","");
      $XC_BindingSources=array("","","","","");
      $XC_BindingOpers=array("","","","","");
      require_once('XCInc/AddToXCartViaLink.inc');
    }


    If I replace the
    PHP Code:
    $XC_uniqueCol1="event_id"
    with
    PHP Code:
    $XC_uniqueCol1="$_GET[id]"
    it returns an empty result:

    http://site.com/beta/kubelabs/event.php?id=14&XC_AddId1=


    Can anyone see where I am going wrong?

    Thanks in advance.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1016
    Hi,

    I'm sorry to tell you, but the code you've downloaded isn't good.

    It's vulnerable to both SQL and JavaScript injections, the MySQL library has been hopelessly outdated (for 10 years, by the way), and some things are just nonsense, like printing each day of the month separately or fetching a single row with a while loop or the infamous "... or die (mysql_error())". And last but not least: the code has been abandoned for 2 years.

    Unless you've already invested hundreds of hours of work into this stuff, I'd simply throw it away and look for a better library, hire someone or write it yourself.

    Be aware that a lot of these "code for free" sites have very bad and insecure code. So don't use anything you've found somewhere on the Internet. At least have somebody who knows PHP have a look at it.

    Good code is more likely to be found in active projects on professional sites like GitHub.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
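
The single-event lookup from the first post, rewritten to address the points raised in reply #2 (bound parameter instead of `'$_GET[id]'` in the SQL string, one `fetch()` instead of a while loop, exceptions instead of `die(mysql_error())`, escaping on output). This is an added example, not code from the thread or from Kubelabs; it assumes PDO with the SQLite driver, a constructed in-memory `events` table, and the hypothetical helper names `findEvent()` and `renderEvent()`.

```php
<?php
// Added example, not the thread's code. Assumptions: PDO + SQLite driver,
// a constructed in-memory `events` table, hypothetical helper names.

function findEvent(PDO $db, $rawId): ?array
{
    // Accept only a positive integer; anything else means "no such event".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the request value out of the SQL text.
    $stmt = $db->prepare(
        'SELECT event_id, event_title, event_price FROM events WHERE event_id = :id'
    );
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // one row expected, so no while loop
    return $row === false ? null : $row;
}

function renderEvent(?array $event): string
{
    if ($event === null) {
        return '<p>Event not found.</p>';
    }
    // Escape on output so a stored title cannot inject markup or script.
    $title = htmlspecialchars($event['event_title'], ENT_QUOTES, 'UTF-8');
    return sprintf('<h2>%s</h2><p>Price: %.2f</p>', $title, $event['event_price']);
}

// Constructed sample data standing in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw, never echo DB errors
$db->exec('CREATE TABLE events (event_id INTEGER PRIMARY KEY, event_title TEXT, event_price REAL)');
$insert = $db->prepare('INSERT INTO events VALUES (?, ?, ?)');
$insert->execute([13, 'Quiz night', 5.00]);
$insert->execute([14, 'Jazz <b>evening</b>', 12.50]);

// Constructed request values: a valid id, a non-numeric value, an unknown id.
foreach (['14', "14' OR '1'='1", '99'] as $requestId) {
    echo renderEvent(findEvent($db, $requestId)), PHP_EOL;
}
```

Only the first request value renders an event, with the markup in its title escaped; the other two fall through to "Event not found".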
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    70
    Rep Power
    4
    Oh really, that's not good, I was hoping that it was an easy fix...
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    70
    Rep Power
    4
    OK, say I build my own. The only thing I don't know how to do is build a calendar. I know how to create the events, I just need to build a calendar that shows the title of the events on the correct date.

    Any ideas?
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1016
    Start off by making a simple calendar with one box for each day. Use the DateTime class for that, don't fumble with low-level functions like strtotime().

    After that, select all events of the calendar range and order them by date. Loop through the days of the calendar, and for each day, fetch all rows from the result set for that day. Note that the last fetched event of each day can belong to a later date, because you have to fetch an event before you can check if it even is on that date. So you have to check the last event again on the next day.

    The basic logic looks like this:
    Code:
    events :=
    	sql("
    		SELECT
    			title
    			, date
    		FROM
    			events
    		WHERE
    			(date in calendar range)
    		ORDER BY
    			date ASC
    	")
    
    event := null
    for current_date in calendar:
    	print(current_date)
    	if event = null or event.date = current_date:
    		if event = null:
    			event := next(events)
    		while event != null and event.date = current_date:
    			print(event.title)
    			event := next(events)
    Selecting the events for each day separately would be a bad idea, because this would result in many, many unnecessary database queries.

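The day-by-day walk from the pseudocode in reply #5, as an added PHP example that is not part of the thread: one range query ordered by date, consumed in step with a `DatePeriod` of calendar days. It assumes PDO with the SQLite driver, a constructed in-memory `events` table with `title` and `date` (YYYY-MM-DD) columns, and the hypothetical function name `buildMonth()`; the first row is fetched before the loop rather than lazily inside it.

```php
<?php
// Added example, not the thread's code. Assumptions: PDO + SQLite driver,
// constructed `events` table, hypothetical function name buildMonth().

function buildMonth(PDO $db, int $year, int $month): array
{
    $first = (new DateTimeImmutable())->setDate($year, $month, 1)->setTime(0, 0);
    $next  = $first->modify('first day of next month');

    // One range query for the whole month, ordered so it can be walked
    // in step with the days.
    $stmt = $db->prepare(
        'SELECT title, date FROM events WHERE date >= :from AND date < :to ORDER BY date ASC'
    );
    $stmt->execute([':from' => $first->format('Y-m-d'), ':to' => $next->format('Y-m-d')]);

    $days  = [];
    $event = $stmt->fetch(PDO::FETCH_ASSOC);   // look-ahead row, false when exhausted
    foreach (new DatePeriod($first, new DateInterval('P1D'), $next) as $day) {
        $key = $day->format('Y-m-d');
        $days[$key] = [];
        // Consume rows while the look-ahead belongs to this day; a row for a
        // later date stays in $event and is checked again on the next day.
        while ($event !== false && $event['date'] === $key) {
            $days[$key][] = $event['title'];
            $event = $stmt->fetch(PDO::FETCH_ASSOC);
        }
    }
    return $days;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (title TEXT, date TEXT)');
$insert = $db->prepare('INSERT INTO events (title, date) VALUES (?, ?)');
foreach ([['Quiz night', '2013-03-05'], ['Jazz evening', '2013-03-05'],
          ['Book club', '2013-03-20'], ['April fair', '2013-04-01']] as $row) {
    $insert->execute($row);
}

foreach (buildMonth($db, 2013, 3) as $date => $titles) {
    // Titles come from stored data, so escape them on output.
    echo $date, ': ', htmlspecialchars(implode(', ', $titles), ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The April row falls outside the range and is never fetched; the two events on 5 March are both listed under that day.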