|
|
Posted by Jochem Maas on 10/04/87 11:10
Jackson Linux wrote:
> Hi,
> This:
>
> if (isset($_GET['r']) &&
> !empty($_GET['r']) &&
> ($r = intval($_GET['r'])) ){
> $r = "{$_GET['r']}"; //Set the variable $r to mean the category number
for starters WTF is the preceding statement for???
$r is already set if it exists by the expression in the if statement...
($r = intval($_GET['r'])
> $fields = '*';
> $sort = "ORDER BY cv.sort";
> } else {
this else block will fire if $r is invalid or not set.
that means this is where you should write some code that
either redirects to the 'list' page or outputs a list somehow.
> $where = '';
> $fields =
> 'cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,
> jobcat.category';
> $sort = "ORDER BY cv.sort";
> }
>
> //Make the sql based on the joining of the table and intersection table
> $sql = "
> SELECT
> cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat
> .category
> FROM cv, cvjobcats, jobcat
> WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
> jobcat.jobcat_id=cvjobcats.jobcat_id";
>
> Works whenever there is an ?r= specified. When there is no r specified
> it chokes on
>
> WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
> jobcat.jobcat_id=cvjobcats.jobcat_id";
>
> because there's no value to $r.
>
> it also opens me up to allowing anyone to state *anything* after the ?.
>
> So can I make an else statement which will say that if there's no r= or
> a wrong r= or even no ? at all then it should print a menu to $r's
> which actually exist in the database? How?
you already have one - its just that your abusing it to set some completely pointless
vars that containing bits of SQL.
>
> Thanks in advance!!!
>
Navigation:
[Reply to this message]
|