[support] Block php errors from Drupal Logs

Neil: esl-lounge.com neil at esl-lounge.com
Sun Jun 8 12:34:16 UTC 2008


Hmmm, I did declare global $user as you can see in my original code. I've 
seen that I'm producing possibly insecure code, so have decided to post this 
block job on the Paid Dev forum instead.

Thanks

Neil

----- Original Message ----- 
From: "Cog Rusty" <cog.rusty at gmail.com>
To: <support at drupal.org>
Sent: Sunday, June 08, 2008 1:28 PM
Subject: Re: [support] Block php errors from Drupal Logs


> (Sorry if this reply was sent twice, I had an email glitch)
>
> On 6/6/08, Neil: esl-lounge.com <neil at esl-lounge.com> wrote:
>> Hi,
>>
>> this is put into a block code text box, with php code filter applied. Here
>> is the whole block code:
>>
>> <?php
>> global $user;
>> $result=db_query("SELECT content_type_nodeprofile.field_country_value,
>> users_1.name, users_1.uid
>> FROM ((users INNER JOIN content_type_nodeprofile ON users.uid =
>> content_type_nodeprofile.field_uid_value) INNER JOIN
>> content_type_nodeprofile AS content_type_nodeprofile_1 ON
>> content_type_nodeprofile.field_country_value =
>> content_type_nodeprofile_1.field_country_value) INNER JOIN users AS users_1
>> ON content_type_nodeprofile_1.field_uid_value = users_1.uid
>> WHERE (((users.uid)=$user->uid) AND ((users_1.uid)<>$user->uid)) ORDER BY
>
>
> From your error message, you can see that $user->uid comes empty. If
> it was supposed to contain the current user, make sure that you have
> declared $user as a global before running the query:
>
> global $user;
>
> HTML entity 049 is the single quote and I am not sure where it comes
> from. Also you could use != instead of <>. But maybe these are just
> side effects of the first problem.
>
>
>> users_1.uid DESC LIMIT 5;
>> ");
>> while ($u = db_fetch_object($result)) {
>> $items[]="<li class=\"member-list\">";
>> $items[]="<a class=\"members-link\" href=\"user/$u->uid\">$u->name</a>";
>> $items[]="&nbsp;<a
>> href=\"/search/user-search?filter1=$u->field_country_value\"
>> class=\"geo-link\">$u->field_country_value</a>";
>> $items[]="</li>";
>> }
>> return theme('front_page_geo_blocks', $items, "From my country");
>> ?>
>>
>> is the problem the ordering of my filters for the php filter? Where would I
>> need to place the html_entity_decode() to prevent the code getting mangled?
>> I don't understand how the blocks are performing as per design if the code
>> is getting altered? :-S
>>
>> Thanks
>>
>> Neil
>>
>> ----- Original Message -----
>> From: "Saint-Genest Gwenael" <gwenael.saint-genest at makina-corpus.com>
>> To: <support at drupal.org>
>> Sent: Friday, June 06, 2008 6:07 PM
>> Subject: Re: [support] Block php errors from Drupal Logs
>>
>>
>> Hi,
>>
>>    Where is this SQL request defined?
>>
>>    According to the PHP error, you have an HTML encoding of the SQL string
>> sent to mysql (&#039 for "'" ... &lt; for "<" ...). You must decode the
>> string before use with something like html_entity_decode();
>>
>> Gwen
>>
>> Neil: esl-lounge.com wrote:
>>> I have some front page blocks based on nodeprofile fields which seem to be
>>> working fine and returning expected results. However my drupal logs are
>>> filling up with php errors on every view of the front page.
>>>
>>> The original sql block code is:
>>>
>>> SELECT content_type_nodeprofile.field_country_value, users_1.name,
>>> users_1.uid FROM ((users INNER JOIN content_type_nodeprofile ON users.uid
>>> = content_type_nodeprofile.field_uid_value) INNER JOIN
>>> content_type_nodeprofile AS content_type_nodeprofile_1 ON
>>> content_type_nodeprofile.field_country_value =
>>> content_type_nodeprofile_1.field_country_value) INNER JOIN users AS
>>> users_1 ON content_type_nodeprofile_1.field_uid_value = users_1.uid WHERE
>>> (((users.uid)=$user->uid) AND ((users_1.uid)<>$user->uid)) ORDER BY
>>> users_1.uid DESC LIMIT 5
>>>
>>> whereas the php error log messages are like this:
>>>
>>> You have an error in your SQL syntax; check the manual that corresponds to
>>> your MySQL server version for the right syntax to use near &#039;) AND
>>> ((users_1.uid)&lt;&gt;)) ORDER BY users_1.uid DESC LIMIT 3&#039; at line 3
>>>
>>> query: SELECT content_type_nodeprofile.field_country_value, users_1.name,
>>> users_1.uid FROM ((users INNER JOIN content_type_nodeprofile ON users.uid
>>> = content_type_nodeprofile.field_uid_value) INNER JOIN
>>> content_type_nodeprofile AS content_type_nodeprofile_1 ON
>>> content_type_nodeprofile.field_country_value =
>>> content_type_nodeprofile_1.field_country_value) INNER JOIN users AS
>>> users_1 ON content_type_nodeprofile_1.field_uid_value = users_1.uid WHERE
>>> (((users.uid)=) AND ((users_1.uid)&lt;&gt;)) ORDER BY users_1.uid DESC
>>> LIMIT 3; in /home/mysite/public_html/includes/database.mysql.inc on line
>>> 172.
>>>
>>> as you can see, the WHERE part of the query is being mangled. What could
>>> cause this? As I say, the blocks seem to be working perfectly so I don't
>>> get why the php errors are filling out my log files and why the WHERE part
>>> of the query is getting altered.
>>>
>>> Regards
>>>
>>> Neil
>>>
>>
>> --
>> Gwenael Saint-Genest
>> MAKINA CORPUS - www.makina-corpus.com
>> 44 boulevard des Pas Enchantés FR-44230 Saint Sébastien sur Loire
>> Tel : +33 (0) 2 40 94 96 08
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
> -- 
> [ Drupal support list | http://lists.drupal.org/ ] 
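
Added example (not part of the original thread, and not the poster's or the Drupal project's code): a hardened form of the block body quoted above, which passes the uid through `%d` placeholders instead of interpolating `$user->uid` into the SQL string and escapes the user-supplied name and country before output. It assumes Drupal 5-era core functions (`db_query_range()`, `db_fetch_object()`, `check_plain()`, `url()`), clean URLs, and the poster's own `front_page_geo_blocks` theme hook; the table aliases are introduced here.

```php
<?php
// Added example: hardened variant of the block body quoted in this thread.
// Assumes Drupal 5-era core functions and the poster's theme hook.
global $user;

// Anonymous visitors (uid 0) have no profile row: skip the query rather
// than send a WHERE clause built from an empty value.
if (empty($user->uid)) {
  return '';
}

// %d makes Drupal cast each argument to an integer, so nothing from $user
// is interpolated into the SQL text. {table} braces let Drupal apply any
// configured table prefix. The last two arguments replace "LIMIT 5".
// Aliases u/p/p2/u2 are introduced here for readability.
$result = db_query_range(
  "SELECT p.field_country_value, u2.name, u2.uid
   FROM {users} u
   INNER JOIN {content_type_nodeprofile} p ON u.uid = p.field_uid_value
   INNER JOIN {content_type_nodeprofile} p2
     ON p.field_country_value = p2.field_country_value
   INNER JOIN {users} u2 ON p2.field_uid_value = u2.uid
   WHERE u.uid = %d AND u2.uid <> %d
   ORDER BY u2.uid DESC",
  $user->uid, $user->uid, 0, 5
);

$items = array();
while ($u = db_fetch_object($result)) {
  // User names and profile fields are user-supplied data: escape them for
  // HTML, and URL-encode the country before it goes into a query string.
  $name    = check_plain($u->name);
  $country = check_plain($u->field_country_value);
  $filter  = rawurlencode($u->field_country_value);
  $profile = url('user/' . (int) $u->uid);

  // Same four entries per user as the original block.
  $items[] = '<li class="member-list">';
  $items[] = '<a class="members-link" href="' . $profile . '">' . $name . '</a>';
  $items[] = '&nbsp;<a href="/search/user-search?filter1=' . $filter
    . '" class="geo-link">' . $country . '</a>';
  $items[] = '</li>';
}
return theme('front_page_geo_blocks', $items, 'From my country');
?>
```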


