Reply to Re: [PHP] Re: Newbie Variable Question


Posted by Jackson Linux on 10/04/61 11:10

Jochem and everyone,

Thanks, this solved the problem.

Regarding someone's much appreciated comment:

<snip>[this]...allows any user to simply change the value of "r" to
something more to their liking. given the rest of the code that you
included in your first message, who knows what nice holes they'll find
in your code when they do that. depending on where you go with this,
they could end up with information for/about another user, a nice sql
injection on your database, the ability to hack your system, or
something else equally amusing.</snip>

I agree, and actually had thought of it. I appreciate your reminding
me. Because I am new enough that I still find a magical thrill every
time I pull *anything* from the database, I have been approaching this
from this point of view:

1. Make db
2. Try to get page to connect
3. Try to print what I want by setting the variable $r so I can point
to it
4. Fix it so that if someone asks for anything other than an existent
?r=x it kicks back a webpage which just shows links to existing pages.

Which brings me to the next question, which I'll post in a second!

Thanks again everyone!
--Jack


On 9 Mar 2005, at 11:43, Jochem Maas wrote:

> Jackson Linux wrote:
>> On 9 Mar 2005, at 11:15, Jason Barnett wrote:
>>> Jackson Linux wrote:
>>> ...
>>>
>>>> <?php include_once "/path/to/cv.$r.include.php"; ?> asks for
>>>> cv.'1'.include.php ... And I need it to ask for cv.1.include.php
>>>>
>>>> How can I make a variable to fetch the literal number from the field
>>>> cv.category?
>>>
>>>
>>> Not 100% certain that it will work, but try casting the variable $r
>>> to
>>> an integer:
>>>
>>> <?php include_once "/path/to/cv." . (int) $r . ".include.php"; ?>
>>>
>>>
>> Hmmmm. If only. . .This returns, regardless of input and the value
>> of $r
>> cv.0.include.php'
>> For chuckles, I did check and the column is set in the table as INT.
>> If that matters.
>
> not really - what matters is that you understand typecasting in php.
>
> a string when cast to an integer will always be zero unless the string
> begins with numeric chars, in which case php will take all the numeric
> chars
> it finds until it comes across a char that is not numeric and return
> those chars
> (I don't know exactly how it handles decimal points and minus signs in
> such a case)
>
> echo (int) "1string";
> echo (int) "string1";
>
>> ...?
>> Jack
>
>
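
An added example, not part of the original thread: one way to implement step 4 of Jack's list so that only an existing `?r=x` ever reaches the include, shown next to what a bare `(int)` cast does with the same input. The `CV_CATEGORIES` allowlist and the `resolve_cv_include` helper are hypothetical names; `/path/to` and the `cv.N.include.php` pattern are taken from the thread.

```php
<?php
// Added example: map the "r" request parameter to an include file using
// strict validation plus an allowlist, instead of a bare (int) cast.

// Hypothetical allowlist; in the thread these ids would come from cv.category.
const CV_CATEGORIES = [1, 2, 3];

/**
 * Return the include path for a valid category id, or null when the
 * request should fall back to the page of links (step 4 in the post).
 */
function resolve_cv_include($raw, string $baseDir = '/path/to'): ?string
{
    // Reject arrays (?r[]=1) and anything else that is not a plain string.
    if (!is_string($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only a complete integer: "1string" and
    // "'1'" both fail here, where (int) would quietly yield 1 and 0.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !in_array($id, CV_CATEGORIES, true)) {
        return null;
    }
    // The path is built only from the validated integer, never from raw input.
    return sprintf('%s/cv.%d.include.php', $baseDir, $id);
}

// Constructed sample inputs, including the quoted value from the thread.
$samples = ['1', "'1'", '1string', 'string1', '99', ['1']];
foreach ($samples as $raw) {
    $path = resolve_cv_include($raw);
    $cast = is_string($raw) ? (int) $raw : 'n/a';
    printf(
        "%-12s (int)=%-3s => %s\n",
        json_encode($raw),
        $cast,
        $path ?? 'fallback: page of links'
    );
}
```

The `"'1'"` row shows why the cast in the thread produced `cv.0.include.php`: the value begins with a quote character, so `(int)` returns 0.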
