404 Error Page Questions

[TheMovieman]

Hi!

 

I actually have a couple of questions regarding creating a 404 error page.

 

1) My pages are formed via a SQL database but when a wrong address is put in, it will display the template code without the info (example: http://www.moviemansguide.com/reviews/DVD/...id=doesntexist)

 

When I want to do is when the id isn't found, it will display page not found but still using the format (menu on the side, etc).

 

Here's part of the code within the "head" section:

 

><head>

<?php

include '*removed*';

$id = $_GET['id'];

$titleinfo = @mysql_query("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='$id'");
if (!$titleinfo) {
 exit('<p>Error retrieving information from database.<br />'.
     'Error: ' . mysql_error() . '</p>');
}

while ($info = mysql_fetch_array($titleinfo)) {
$title = $info['title'];
$year = $info['year'];
$edition = $info['edition'];
$display_edition = ($edition)?" - $edition":"";
$hddvd = $info['hddvd'];
$display_hddvd = ($hddvd)?"[$hddvd]":"";
echo "<title>Movieman's Guide to the Movies >> DVD Review >> $title ($year)$display_edition 

$display_hddvd</title>";
}
?>

<link rel="stylesheet" type="text/css" href="../../styles.css">
<link rel="stylesheet" type="text/css" href="../../style_extra.css">

<?PHP include ("/home2/moviema/public_html/external/headsection.html"); ?>


</head>

 

---------------

 

Question 2

 

2) Can I create a 404.php error page. What I want to do, like above, is to use my current page style. Problem is, I use php includes for the menus so I don't think I can do this with the shtml extension. What code do I need to put into my .htaccess file to redirect to my 404.php page? Is it allowable?

 

I tried adding this code into the htaccess file:

ErrorDocument 404 /notfound.php

 

But it doesn't seem to do anything...

 

Appreciate any help

- Brian

 

Edited February 9, 2008 by TheMovieman

[TCH-Bruce]

Add the following to your .htaccess file and create the page as 404.htm

 

>AddType application/x-httpd-php .htm .html
ErrorDocument 404 /404.htm

 

This will allow you to parse php information in html files.

[TheMovieman]

Hi Bruce,

 

I just tried that and it didn't work. I get the standard, "The webpage cannot be found" 404 page.

[TCH-Bruce]

Is the 404.htm file in your root folder?

[TheMovieman]

Well, it's under the public_html one (where the other error pages are located that were created using cpanel).

 

Interestingly, I have set the 404.htm page when someone gets 404 error, that information gets sent to a special e-mail address, so I don't understand why the page itself isn't showing up if the info is getting to that e-mail address...

Edited February 10, 2008 by TheMovieman

[TCH-Bruce]

What is sending an email?

[TheMovieman]

It's a script I found for setting up a 404 page:

 

><HTML> 
<HEAD> 
<title> 404 Error Page</title> 
</HEAD> 
<BODY> 
<p align="center"> 

<h1>Error 404</h1><br>Page Not Found 

<p>
<?php 

$ip = getenv ("REMOTE_ADDR"); 

$requri = getenv ("REQUEST_URI"); 
$servname = getenv ("SERVER_NAME"); 
$combine = $ip . " tried to load " . $servname . $requri ; 

$httpref = getenv ("HTTP_REFERER"); 
$httpagent = getenv ("HTTP_USER_AGENT");

$today = date("D M j Y g:i:s a T"); 

$note = "Yes you have been bagged and tagged for a making an illegal move" ; 

$message = "$today \n 
<br> 
$combine <br> \n 
User Agent = $httpagent \n 
<h2> $note </h2>\n 
<br> $httpref "; 

$message2 = "$today \n 
$combine \n 
User Agent = $httpagent \n 
$note \n 
$httpref "; 

$to = "error@moviemansguide.com"; 
$subject = "moviemansguide Error Page"; 
$from = "From: fake@moviemansguide.com\r\n"; 

mail($to, $subject, $message2, $from); 

echo $message; 
?> 

</BODY></HTML>

[TCH-Andy]

Looking at this, I think there may be confusion over what pages are found ....

 

The link you provided ( www.moviemansguide.com/reviews/DVD/read.php?id=doesntexist )

 

The page ( reviews/DVD/read.php ) does exist ... hence you will not get a 404 error for that page

 

The 'id' ( doesntexist ) that you pass to the read.php script though does not exist. Hence you need to check within read.php to see if that exists, and if not provide the error page.

 

Reading your question at the top, I think this is what you were asking about - but it has become confused because of the title of the thread ( about 404 errors ).

 

 

I've summarised your code here but where you have

>$titleinfo = @mysql_query("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='$id'");
if (!$titleinfo) {
exit('<p>Error retrieving information from database.<br />'.
'Error: ' . mysql_error() . '</p>');
}

while ($info = mysql_fetch_array($titleinfo)) {
***print out title info ***
}

 

 

I would change it to something like

>$titleinfo = @mysql_query("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='$id'");
if (!$titleinfo) {
exit('<p>Error retrieving information from database.<br />'.
'Error: ' . mysql_error() . '</p>');
}

$num_rows = mysql_num_rows($titleinfo);
   
//if query result is empty, returns NULL, otherwise, returns an array containing the selected fields and their values
if($num_rows == NULL)
{
	*** print out whatever you want on your 'not found' page ***
}
else
{
	while ($info = mysql_fetch_array($titleinfo)) {
	  ***print out title info ***
}
}

[TheMovieman]

Thanks Andy. Yeah, I mis-used terms.

 

I'll give that a try and see how it goes.

 

[TheMovieman]

Ok, I gave it a try, but I still can't figure out how to format it around my design.

 

Take a look (this review does not exist):

http://www.moviemansguide.com/reviews/DVD/...t.php?id=batman

 

It looks like I'll need to change the code of the entire page to get it inside the "else" statement, correct?

 

BTW, when going to an existing review, the page will display like normal so there are no errors.

Edited February 11, 2008 by TheMovieman

[TCH-Andy]

Basically your page has all the header / outline information ( including the top menu and left panel), then the content, then the footer information. So you will need to include all the content part of your site within the 'else' part of the site, yes ( just move where the brackets are, so they are round your content).

[TheMovieman]

I tried that, but got a syntax error (unexpected T_VARIABLE)... I thought maybe it had something to do with double quotes but I changed those out and still get the error.

[TheMovieman]

I decided instead of having to change the code so much, I just had it redirected to my 404 error page (still under construction).

 

Thanks Andy for the code, though, it really helped!

Edited February 11, 2008 by TheMovieman

[OJB]

just had a look at this, i know the thread is slightly old... but there seems to be a security issue:

 

 

>$id = $_GET['id'];

$titleinfo = @mysql_query("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='$id'");

 

What this will allow anyone to do is put whatever they want into the query

 

you would execute a mysql statement for whatever they put after ID... this is a big risk because it could result in some variety of sql-injection

 

I would suggest first of all doing the following:

 

>$id = $_GET['id'];

$safequery = sprintf("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='%s'", mysql_real_escape_string($id));
$titleinfo = @mysql_query($safequery);

 

mysql_real_escape_string() will stop any dodgy SQL statements from being executed!

 

 

as an additional security measure you could do a regular expression on the $id and strip out any non-alphanumeric characters... (unless some of your id's contain them)

Edited February 20, 2008 by OJB

[TheMovieman]

Thanks OJB! Fixed all the pages with those vulnerabilities