I'm trying to make a paginating blog using PHP, HTML, and MySQL. I wrote the code but for some reason the webpage shows up blank. What's wrong with my code? Chrome's console returns a 500 internal server error.
<div id="article">
<?php
include 'php/mysql_connect.php';
if(empty($_GET)){
$current_id = SELECT max(id) FROM posts;
}
else{
$current_id = mysql_safe_string($_GET['id']);
}
$result = mysql_safe_query('SELECT * FROM posts WHERE id=%s LIMIT 1',$current_id);
if(!mysql_num_rows($result)){
echo '<h2>No Posts Found</h2>';
exit;
}
$row = mysql_fetch_assoc($result)
echo '<h2>'.$row['title'].'</h2>';
echo '<div class="row">';
echo ' <div class="group1 col-sm-6 col-md-6">';
echo ' <span class="glyphicon glyphicon-pencil"></span><a data-toggle="collapse" data-target="#comments" class"collapsed">'.$row['num_comments'].' Comments </a>';
echo ' <span class="glyphicon glyphicon-time"></span>'.date('F j<\s\up>S</\s\up>, Y', $row['date']);
echo ' </div>';
echo '</div>';
echo '<br />';
echo '<p class="lead">'.n12br($row['body']).'</p>';
?>
<div id="comments" class="collapse" >
<div class="well">
<h4>Leave a comment</h4>
<?php echo '<form role="form" method="post" action="php/comment_add.php?id=($current_id)" class="clearfix">'; ?>
<div class="col-md-6 form-group">
<label class="sr-only" for="name">Name</label>
<input type="text" class="form-control" id="name" placeholder="Name" required />
</div>
<div class="col-md-6 form-group">
<label class="sr-only" for="email">Email</label>
<input type="email" class="form-control" id="email" placeholder="Email" required />
</div>
<div class="col-md-12 form-group">
<label class="sr-only" for="content">Comment</label>
<textarea class="form-control" id="content" placeholder="Comment" required></textarea>
</div>
<div class="col-md-12 form-group text-right">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
<br>
<?php
$result = mysql_safe_query('SELECT * FROM comments WHERE post_id=%s ORDER BY date ASC',$current_id);
echo ' <ul id="comments" class="comments">';
while($row = mysql_fetch_assoc($result)){
echo ' <li class="comment">';
echo ' <div id="inline" ><h4 style="display:inline;">'.$row['name'].'</h1><sup><p style="display:inline; font-size:10px;"> '.date('j-M-Y g:ia', $row['date']).'</p></sup></div>';
echo ' <em>'.n12br($row['content']).'</em>';
echo ' </li>';
echo ' </ul>';
}
?>
<hr>
</div>
</div>
<nav>
<ul class="pager">
<?php
$newer_id = IFNULL(mysql_safe_query('SELECT min(id) FROM posts WHERE id > $current_id ORDER BY id ASC LIMIT 1'),-1);
$older_id = IFNULL (mysql_safe_query('SELECT max(id) FROM posts WHERE id < $current_id ORDER BY id ASC LIMIT 1'),-1);
if($newer_id != -1){
echo '<li><a href="#">Newer</a></li>';
}
if ($older_id != -1){
echo '<li><a href="#">Older</a></li>';
}
?>
</ul>
</nav>
This is php/mysql_connect.php, which is supposed to prevent sql injection (i got this from a tutorial):
<?php
// mysql.php
function mysql_safe_string($value) {
$value = trim($value);
if(empty($value)) return 'NULL';
elseif(is_numeric($value)) return $value;
else return "'".mysql_real_escape_string($value)."'";
}
function mysql_safe_query($query) {
$args = array_slice(func_get_args(),1);
$args = array_map('mysql_safe_string',$args);
return mysql_query(vsprintf($query,$args));
}
function redirect($uri) {
header('location:'.$uri);
exit;
}
mysql_connect('localhost','(username)','(password)');
mysql_select_db('(database)');
From the logs I locate the failure which is:
Syntax error, unexpected 'max' (T_STRING) on line 6 (if(empty($_GET)){$current_id = SELECT max(id) FROM posts})
