Posted by Jackson Linux on 10/04/57 11:10
Okay, guys,
I hope I'm getting closer with your help here but I am still highly
confused (that's actually a general blanket statement these days).
I've taken your advice and made several changes.
On 9 Mar 2005, at 13:44, Jochem Maas wrote:
> M. Sokolewicz wrote:
>> Jackson Linux wrote:
>>> Hi,
>>> This:
>>>
>>> if (isset($_GET['r']) &&
>>> !empty($_GET['r']) &&
>>> ($r = intval($_GET['r'])) ){
>
> does nobody notice the last 'bit' of the if expression??
> if the IF statement evaluates to true then $r _has_ been set!!!
That makes sense now.
>
>>> $r = "{$_GET['r']}"; //Set the variable $r to mean the category
>>> number
>> gods, that's an ugly statement... why don't you simply use $r =
>> $_GET['r']; ????
>
> that leaves him completely open to SQL injection.
> but you're right in that writing this:
>
> $r = "{$_GET['r']}";
>
> ... is just plain wasteful, pointless and looks ugly.
> and given the fact that $r is already set (see above) there is
> no need to set it again at all.
I see that now; thanks, I removed it.
> I think you're almost there Jackson, keep hacking :-)
>
Thanks for the encouragement! But there's more...
>>>
>>> $sort = "ORDER BY cv.sort";
>>> } else {
>>> $where = '';
>>> $fields = 'cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat.category';
>>> $sort = "ORDER BY cv.sort";
>>> }
>>>
>>> //Make the sql based on the joining of the table and intersection table
>>> $sql = "
>>> SELECT
>>> cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat.category
>>> FROM cv, cvjobcats, jobcat
>>> WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
>>> jobcat.jobcat_id=cvjobcats.jobcat_id";
>>>
>>> Works whenever there is an ?r= specified. When there is no r
>>> specified it chokes on
>>>
>>> WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
>>> jobcat.jobcat_id=cvjobcats.jobcat_id";
>>>
>>> because there's no value to $r.
>>>
>>> it also opens me up to allowing anyone to state *anything* after the ?.
>>>
>>> So can I make an else statement which will say that if there's no r=
>>> or a wrong r= or even no ? at all then it should print a menu to
>>> $r's which actually exist in the database? How?
>>>
>>> Thanks in advance!!!
>> You have 3 conditions in a single expression. Split that expression up
>
> Jackson got that bit from me - I don't think he is fully aware of what
> that expression is doing!
>
> the 'sum' of those conditions determines that either $r is 'good' or 'bad'
> (whether $r is garbage or not set didn't seem like a difference worth
> bothering with)
>
No, I didn't and I actually still don't. I've implemented the change
below, breaking up the if(isset($_GET['r'])) bit (making it easier to
follow indeed, thank you!) but I am confused as to how to break up that
three-condition statement based on that change.
>> into multiple expressions, so you can check each (or a combination of
>> 2) individually.
>
> this is a good idea to better understand what is going on!
>
>> so, instead of:
>> if (isset($_GET['r']) && !empty($_GET['r']) && ($r =
>> intval($_GET['r']))){
>> do:
>> if (isset($_GET['r'])) {
>> if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
>> // do whatever
>> } else {
>> // something boring
>> }
>> } else {
>> // not set
>> }
>
The code below is where I am now. I'm trying to document a bit better,
and clean it up. And I still don't have any clue as to how to make it
redirect if someone requests no ?r= or a bad one. Can someone help
please?
<snip>
if (isset($_GET['r'])) {
    if (!empty($_GET['r']) && ($r = intval($_GET['r']))) {
        $fields = '*';
        $where  = "WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = '$r' AND jobcat.jobcat_id=cvjobcats.jobcat_id";
        $sort   = "ORDER BY cv.sort"; // Assemble the category items in r=x
    } else {
        // Is this where I'd say IF no $r is set then redirect?
    }
}
//Make the sql based on the joining of the table and intersection table
$sql = "
SELECT
cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat.category
FROM cv, cvjobcats, jobcat
$where
$sort
";
// Run the query once, and check the result before fetching from it
$result = mysql_query($sql);
if (!$result) {
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}
if (mysql_num_rows($result) == 0) {
    echo "No rows found, nothing to print so am exiting";
    exit;
}
$table_of_contents = array();
$cv = mysql_fetch_assoc($result);
</snip>
Thanks in advance!!
--Jack
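One way to handle the missing or bad ?r= case and to close the injection hole Jochem points out, as an added example (not Jack's code or anyone else's from the thread). It assumes PDO, placeholder database credentials, and the table and column names from the post; instead of a redirect, a bad or missing r falls back to a menu of the categories that exist in the database.

```php
<?php
// Added example, not the thread's code: validate ?r=, bind it as a query
// parameter instead of interpolating $r into the SQL, and fall back to a
// category menu when r is missing or not a positive integer.
// Table/column names follow the post; DSN and credentials are placeholders.
function connect(): PDO {
    $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASS');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // no silent false
    return $pdo;
}

// Returns null when ?r= is absent, false when it is present but not a
// positive integer, otherwise the int. The raw $_GET value never reaches SQL.
function requested_category() {
    return filter_input(INPUT_GET, 'r', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
}

function cvs_for_category(PDO $pdo, int $r): array {
    // jobcat.category is aliased so it does not collide with cv.category.
    $stmt = $pdo->prepare(
        'SELECT cv.cv_id, cv.category, dates, cv.job_title, cv.company,
                cv.job, cv.sort, jobcat.category AS jobcat_category
         FROM cv
         JOIN cvjobcats ON cvjobcats.cv_id = cv.cv_id
         JOIN jobcat ON jobcat.jobcat_id = cvjobcats.jobcat_id
         WHERE cvjobcats.jobcat_id = ?
         ORDER BY cv.sort');
    $stmt->execute([$r]); // bound parameter: an integer, not a SQL fragment
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Menu of the $r values that actually exist in the database.
function category_menu(PDO $pdo): array {
    return $pdo->query('SELECT jobcat_id, category FROM jobcat ORDER BY category')
               ->fetchAll(PDO::FETCH_ASSOC);
}

$pdo  = connect();
$r    = requested_category();
$rows = is_int($r) ? cvs_for_category($pdo, $r) : [];

if ($rows === []) { // no r, bad r, or an id with no CVs: show the menu instead
    foreach (category_menu($pdo) as $cat) {
        printf('<a href="?r=%d">%s</a><br>', $cat['jobcat_id'],
               htmlspecialchars($cat['category'], ENT_QUOTES, 'UTF-8'));
    }
} else {
    foreach ($rows as $cv) {
        echo htmlspecialchars($cv['job_title'], ENT_QUOTES, 'UTF-8'), '<br>';
    }
}
```

Because the id is bound with execute() rather than pasted into the string, a request like ?r=1 OR 1=1 is rejected by the integer filter and never reaches the database, and the output is HTML-escaped so category names cannot inject markup either.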