 Posted by Peter Fox on 02/21/07 09:24 
> 
>And the receiving script would do something like this: 
> 
><?php 
>$book_id = intval($_GET['recordnum']); 
>mysql_connect('hostname','username','password'); // of your MySQL db
>mysql_select_db('catalogue'); 
>$bookresult = mysql_query('SELECT * FROM `book` WHERE `id` = '.$book_id);
>if(mysql_num_rows($bookresult) > 0){ 
>       $book = mysql_fetch_assoc($bookresult); 
>       foreach($book as $key => $value){ 
>               print $key.':'.$value.'<br>'; 
>       } 
>} else { 
>       echo 'Book not found in database.'; 
>} 
>?> 
 
Ask why 
   $book_id = intval($_GET['recordnum']); 
is used early on in the script and is it there just to 'keep things  
tidy'?  What naughty things could happen if it was just 
   $book_id = $_GET['recordnum']; 
 
Supplementary question:  What would you do here if you were getting a  
string instead of a number to use in your SQL? 
 
Another supplementary question:  Why would it be a _bad_ idea to 'be  
helpful' with the 'not found' message by echoing back the input as  
follows: 
   $recno = $_GET['recordnum'];
   print("Sorry we could not find your request for $recno"); 
 
 
--  
PETER FOX Not the same since the submarine business went under 
peterfox@eminent.demon.co.uk.not.this.bit.no.html 
2 Tees Close, Witham, Essex. 
Gravity beer in Essex  <http://www.eminent.demon.co.uk>
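
One way to handle the three cases the post asks about (a numeric id, a string used in the SQL, and echoing the input back), as an added example that is not part of the original post. It uses PDO with the SQLite driver in place of the mysql_* calls in the quoted script; the function names, table layout and sample rows are assumptions made for illustration.

```php
<?php
// Added example: constructed in-memory table standing in for the 'catalogue' database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE book (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO book (id, title) VALUES (1, 'Learning PHP'), (2, 'The Brewer''s Handbook')");

// Numeric input: validate instead of coercing, so a value such as "12abc"
// is rejected outright rather than silently turned into 12 as intval() would.
function parse_record_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// String input: bind it as a parameter. The value travels separately from the
// SQL text, so quotes inside it cannot change the statement.
function find_books_by_title(PDO $db, string $title): array
{
    $stmt = $db->prepare('SELECT id, title FROM book WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output: anything that came from the request is HTML-encoded before it is
// written into the page, so the browser shows it as text instead of markup.
function not_found_message(string $input): string
{
    return 'Sorry we could not find your request for '
        . htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for $_GET values.
var_dump(parse_record_id('2'), parse_record_id('12abc'));
print_r(find_books_by_title($db, "The Brewer's Handbook"));
echo not_found_message('<b>no such book</b>'), "\n";
```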
 
  