Reply to Re: mysql query (int)

Posted by Michael Fesser on 08/21/07 21:59

..oO(Ron Eggler)

>I want to do a mysql query and need an int for this but I get the value as
>a string, so I tried this:
> if ($_POST['seminar']!="") //seminar defined?
> {

Better:

if (!empty($_POST['seminar'])) {

Your code will throw a notice in case $_POST['seminar'] is not
available. Unlikely, but possible.

> $seminar=$_POST['seminar']; //get seminar from post
> $attending=$_POST['attending']; // get attending from post
> // convert string to int
> if ($attending=="1")
> $INTatt==1;
> [...]

For converting an int to a string there's intval().

But the above won't work at all - it's no assignment, but a comparison.

> if (is_int($INTatt))
> echo "int";
> $query="UPDATE seminar SET taken = taken+".$INTatt." where `time-date`
>= '".$seminar."'";

No need for concatenation here, you can embed the variables directly
into the string (that's what the double-quotes are for!):

$query = "
UPDATE seminar
SET taken = taken+$INTatt
WHERE `time-date` = '$seminar'";

> mysql_query($query);
> }
>It doesn't print "int" as it should when going thru is_int(). Why is this
>variable $INTatt no int?

You should set your error_reporting to E_ALL in your php.ini - you will
get some notices about undefined variables. The '==' operator performs a
comparison, not an assignment. The $INTatt variable is never set to any
value at all. In short:

== != =

SCNR

>I don't get it... is there another possibility of
>realizing this? the field taken is an int in the db (apparently).

Just check that $_POST['attending'] exists and is numeric, then do
whatever you want with it:

if (isset($_POST['attending']) && is_numeric($_POST['attending'])) {
...
} else {
// error
}

Or explicitly cast to a string with intval() if you want to accept even
invalid values (might result in the value '0').

Then, if the value of $attending has to be in a particular range, just
do that with a simple if-statement:

if ($attending >= 1 && $attending <= 3) {
...
} else {
// error
}

You also have to perform some checking on the seminar variable!
Currently it's used directly as posted in the query - an invitation for
SQL injection (google that). Consider using PDO and prepared statements
to be safe when doing database operations with user-submitted values.

HTH
Micha
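
The PDO and prepared-statement approach recommended in the post above, as an added example that is not part of the original post. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the helper name bookSeminar() is hypothetical, and the table rows and form inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example. An in-memory SQLite database stands in for the MySQL
// server so the script runs offline; table layout and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE seminar (`time-date` TEXT PRIMARY KEY, taken INTEGER NOT NULL)');
$pdo->exec("INSERT INTO seminar VALUES ('2007-09-01 10:00', 0), ('2007-09-02 10:00', 5)");

/**
 * Hypothetical helper: validate the two form fields, then update through a
 * prepared statement. Returns the number of rows changed, or null if the
 * input is rejected.
 */
function bookSeminar(PDO $pdo, array $post): ?int
{
    // Accept only an integer in the 1..3 range used in the post above.
    $attending = filter_var($post['attending'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 3]]);
    $seminar = $post['seminar'] ?? '';
    if ($attending === false || !is_string($seminar) || $seminar === '') {
        return null;
    }
    // Values travel as bound parameters and never become part of the SQL text.
    $stmt = $pdo->prepare(
        'UPDATE seminar SET taken = taken + :n WHERE `time-date` = :slot');
    $stmt->bindValue(':n', $attending, PDO::PARAM_INT);
    $stmt->bindValue(':slot', $seminar, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs: a normal request, a quote-breaking seminar value,
// and a non-numeric attending value.
$cases = [
    ['seminar' => '2007-09-01 10:00', 'attending' => '2'],
    ['seminar' => "x' OR '1'='1", 'attending' => '1'],
    ['seminar' => '2007-09-02 10:00', 'attending' => '1; DROP TABLE seminar'],
];
foreach ($cases as $post) {
    var_dump(bookSeminar($pdo, $post));
}
// Show the table contents after the three calls.
print_r($pdo->query('SELECT * FROM seminar')->fetchAll(PDO::FETCH_ASSOC));
```

Against a real MySQL server only the PDO constructor changes (DSN, user and password); the validation and the bound parameters stay the same.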
