Channel Entries tag showing entry even when specified not to
How Do I?
I have a template showing an entry, and at the bottom of the page is a list of three related (most viewed) entries within the channel - this is outside the entry’s channel entry tag.
I use an exp:query tag to get the current entry id and category id based on the url title, and both of those numbers go into a second channel entries tag.
However, I’ve got entry_id=”not {entryid}” (entryid is from the query), and it’s still showing that entry information.
Query:
{exp:query sql="SELECT cat_id AS catid, entry_id AS entryid FROM exp_category_posts WHERE entry_id = (SELECT entry_id from exp_channel_titles where url_title = '{segment_3}')"}which is wrapped around the second channel:entries tag:
{exp:channel:entries channel="blog" parse="inward" limit="3" sticky="no" entry_id="not {entryid}" orderby="view_count_one|entry_date" sort="desc" category="{catid}" category_group="4" dynamic="no" show_expired="no" show_future_entries="no" status="open" disable="member_data|pagination|trackbacks"}I’ve turned on template debugging and the numbers are being passed correctly to the channel:entries tag, but I’m not sure if the view_count_one is overriding that?
Example here (ignore all the broken images): http://dev.dawnchyld.com/en/blog/entry/should-you-lease-your-equipment-in-atlantic-canada
Thanks!
This sounds like a parse order issue to me. As an experiment, try putting the channel entries loop into its own template, and then embed that template inside the query tag loop. It’s less efficient, but may get around any parse order issues. You shouldn’t need the parse=”inward” attribute if you do this.
One other thing I noticed - you’re putting an unescaped segment tag inside your query. This is a security risk - you need to ensure that all user input is escaped in the query tag.
I’ve tried it in an embedded template, passing the entry id and the category id. I’ve also added the parse=”inward” attribute, and neither seem to work.
This is my first time developing a site in EE from the ground up, so there are a few things I’m probably missing and didn’t learn when I was just doing maintenance. Would I have to go full on PHP to escape the variable, or is there another way to do it?
Thanks.
Please could you post the parent template and child (embedded) template so we can see it in context? You shouldn’t need parse=”inward” if you’re doing it that way.
Yes, you would need to enable PHP (parse on output) to escape the segment variable. You would use code like this:
<?php echo ee()->db->escape_str('{segment_3}'); ?>More info about preventing SQL injection in ExpressionEngine
I’ve just realised what your problem is. The query should look like this (with PHP enabled on output):
{exp:query sql="SELECT GROUP_CONCAT(cat_id separator '|') AS catid, entry_id AS entryid FROM exp_category_posts WHERE entry_id = (SELECT entry_id from exp_channel_titles where url_title = '<?php echo ee()->db->escape_str('{segment_3}'); ?>')"}The GROUP_CONCAT turns the rows in the result set into pipe-delimited category ids, which is what the channel entries tag expects.
Try the above using your original template (i.e. not using an embedded template) because if it works it’ll be more efficient.
I appreciate your help!
I tried running this, but I got the following error:
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'how-innovation-engineering-will-help-your-business'); ?>')' at line 1
SELECT GROUP_CONCAT(cat_id separator '|') AS catid, entry_id AS entryid FROM exp_category_posts WHERE entry_id = (SELECT entry_id from exp_channel_titles where url_title = 'db->escape_str('how-innovation-engineering-will-help-your-business'); ?>')
Filename: modules/query/mod.query.php
Line Number: 53Here is the page template with the html stripped out.
{exp:channel:entries channel="blog" limit="1" track_views="one" pagination="bottom" dynamic="yes" parse="inward"}
removed html displaying channel entry comments
{embed="_inc/blog_search"} google search box,
{exp:channel:categories category_group="4" channel="blog" style="linear" show_empty="no" status="open" backspace="3"}
Listing of categories for the channel
{/exp:channel:categories}
pagination is in here too somewhere
{/exp:channel:entries}
Old query that works
{exp:query sql="SELECT cat_id AS catid, entry_id AS entryid FROM exp_category_posts WHERE entry_id = (SELECT entry_id from exp_channel_titles where url_title = '{segment_3}')"}
{!--exp:query sql="SELECT GROUP_CONCAT(cat_id separator '|') AS catid, entry_id AS entryid FROM exp_category_posts WHERE entry_id = (SELECT entry_id from exp_channel_titles where url_title = '<?php echo ee()->db->escape_str('{segment_3}'); ?>')"--}
{exp:channel:entries channel="blog" parse="inward" limit="3" sticky="no" entry_id="not {entryid}" orderby="view_count_one" sort="desc" category="{catid}" category_group="4" dynamic="no" show_expired="no" show_future_entries="no" status="open" disable="member_data|pagination|trackbacks"}
removed html to display the top three viewed entries in the same channel this current entry is in, but hopefully not this entry
{/exp:channel:entries}
{/exp:query}I’m running EE2.10.3
OK, perhaps it’s the nested single quotes caused by the inline PHP. Try just using {segment_3} (temporarily) instead of the escaped variable:
{exp:query sql="SELECT GROUP_CONCAT(cat_id separator '|') AS catid, entry_id AS entryid FROM exp_category_posts WHERE entry_id = (SELECT entry_id from exp_channel_titles where url_title = '{segment_3}')"}I’ve tried the above SQL in my query analyser (using a sample URL title) and it worked fine, so the SQL is definitely valid.
If the above works, then you might need to use a plugin to escape the segment variable, rather than inline PHP. Take a look at the Escape plugin.