Reply to Re: [PHP] Re: Question re empty query

Your name:

Reply:


Posted by Jochem Maas on 10/02/55 11:10

M. Sokolewicz wrote:
> Jackson Linux wrote:
>
>> Hi,
>> This:
>>
>> if (isset($_GET['r']) &&
>> !empty($_GET['r']) &&
>> ($r = intval($_GET['r'])) ){

does nobody notice the last 'bit' of the if expression??
if the IF statement evaluates to true then $r _has_ been set!!!

>> $r = "{$_GET['r']}"; //Set the variable $r to mean the category number
>
> gods, that's an ugly statement... why don't you simply use $r =
> $_GET['r']; ????

that leaves him completely open to SQL injection.
but your right in that writing this:

$r = "{$_GET['r']}";

.... is just plain wasteful, pointless and looks ugly.
and given the fact that $r is already set (see above) there is
no need to set it again at all.

I think you almost there Jackson, keep hacking :-)

>
>> $fields = '*';
>> $sort = "ORDER BY cv.sort";
>> } else {
>> $where = '';
>> $fields =
>> 'cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,
>> jobcat.category';
>> $sort = "ORDER BY cv.sort";
>> }
>>
>> //Make the sql based on the joining of the table and intersection table
>> $sql = "
>> SELECT
>> cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat
>> .category
>> FROM cv, cvjobcats, jobcat
>> WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
>> jobcat.jobcat_id=cvjobcats.jobcat_id";
>>
>> Works whenever there is an ?r= specified. When there is no r
>> specified it chokes on
>>
>> WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
>> jobcat.jobcat_id=cvjobcats.jobcat_id";
>>
>> because there's no value to $r.
>>
>> it also opens me up to allowing anyone to state *anything* after the ?.
>>
>> So can I make an else statement which will say that if there's no r=
>> or a wrong r= or even no ? at all then it should print a menu to
>> $r's which actually exist in the database? How?
>>
>> Thanks in advance!!!
>
> You have 3 conditions in a single expression. Split that expression up

Jackson got that bit from me - I don't think he is fully aware of what that
expression is doing!

the 'sum' of those conditions determines that either $r is 'good' or 'bad'
(whether $r is garbage or not set didn't seem like a difference worth bothering
with)

> into multiple expressions, so you can check each (or a combination of 2)
> individually.

this is a good idea to better understand what is going on!

>
> so, instead of:
> if (isset($_GET['r']) && !empty($_GET['r']) && ($r = intval($_GET['r']))){
>
> do:
> if (isset($_GET['r'])) {
> if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
> // do whatever
> } else {
> // something boring
> }
> } else {
> // not set
> }
>

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация