1

I wanted to create a shortcode so I can "connect" my Coppermine gallery with my Wordpress, sadly I haven't been able to do it

I use this in my posts

[cpg album="533"]

To call this function

function cpg_shortcode( $attr ) {

    shortcode_atts(
  array(
    'album' => 1,
     ), $attr
    );
    return $album_id = $attr['album'];
    return '<script src="http://linklink.net/cpg/api-posts.php"></script>';
}
add_shortcode( 'cpg', 'cpg_shortcode' );

And this is the script file, which has no errors, it work perfectly fine, but I have to get the album id in it

    $query = mysql_query("SELECT * FROM `cpgq7_pictures` WHERE aid=$album_id ORDER BY ctime DESC LIMIT 0 , 3");

echo 'document.write(\'';
if(mysql_num_rows($query) == 0){
    echo 'No hay fotos';
} else {
    echo '<h6>';
    while($row = mysql_fetch_array($query)){
        $domain = "http://linklink.net/cpg";
        $album_url = "$domain/thumbnails.php?album=$album_id#content";
        $album_img = "$domain/albums/".$row['filepath'].'thumb_'.$row['filename'];
        echo '<a href="'.$album_url.'" target="_blank"><img src="'.$album_img.'" alt="" /></a>';
    }
    echo '<a href="'.$album_url.'" target="_blank"><img src="https://i.imgur.com/4wmomUt.png" alt="" /></a></h6>';
}
echo '\');';

When I try to get the album id from the shortcode it doesn't work

Any help is appreciated.

Improve this question
2
  • How do you try to pass the ID from the shortcode to the script file? Commented Mar 10, 2019 at 17:58
  • Warning: You are wide open to SQL Injections and should really use parameterized prepared statements instead of manually building your queries. They are provided by PDO or by MySQLi. Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, you are still in risk of corrupting your data. Commented Mar 10, 2019 at 18:58

1 Answer 1

Reset to default
1

I copy/pasted your shortcode and this line works as intended:

return $album_id = $attr['album'];

Returns the passed album parameter. If you want, you can use extract to have the id directly as $album available:

extract(shortcode_atts(
                array(
    'album' => 1,
                )
                , $attr));

now this looks pretty much wrong:

<script src="http://linklink.net/cpg/api-posts.php"></script>

is for javascript, it has nothing to do with php. just include the sql statement and output directly in your shortcode. changed the way of returning the data (ob_start/get_clean). also, like Dharman mentioned, check out how to execute sql statements safely.

function cpg_shortcode($attr) {

    extract(shortcode_atts(
                    array(
        'album' => 1,
                    )
                    , $attr));

    ob_start();

$query = mysql_query("SELECT * FROM `cpgq7_pictures` WHERE aid=$album ORDER BY ctime DESC LIMIT 0 , 3");
    if (mysql_num_rows($query) == 0) {
        echo 'No hay fotos';
    } else {
        echo '<h6>';
        while ($row = mysql_fetch_array($query)) {
            $domain = "http://linklink.net/cpg";
            $album_url = "$domain/thumbnails.php?album=$album#content";
            $album_img = "$domain/albums/" . $row['filepath'] . 'thumb_' . $row['filename'];
            echo '<a href="' . $album_url . '" target="_blank"><img src="' . $album_img . '" alt="" /></a>';
        }
        echo '<a href="' . $album_url . '" target="_blank"><img src="https://i.imgur.com/4wmomUt.png" alt="" /></a></h6>';
    }
    return ob_get_clean();
}
add_shortcode('cpg', 'cpg_shortcode');
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.