Jackson Linux wrote:
Hi,
This:
if (isset($_GET['r']) &&
!empty($_GET['r']) &&
($r = intval($_GET['r'])) ){
$r = "{$_GET['r']}"; //Set the variable $r to mean the category number
for starters WTF is the preceding statement for???
$r is already set if it exists by the expression in the if statement...
($r = intval($_GET['r'])
$fields = '*';
$sort = "ORDER BY cv.sort";
} else {
this else block will fire if $r is invalid or not set.
that means this is where you should write some code that
either redirects to the 'list' page or outputs a list somehow.
$where = '';
$fields =
'cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,
jobcat.category';
$sort = "ORDER BY cv.sort";
}
//Make the sql based on the joining of the table and intersection table
$sql = "
SELECT
cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat
.category
FROM cv, cvjobcats, jobcat
WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
jobcat.jobcat_id=cvjobcats.jobcat_id";
Works whenever there is an ?r= specified. When there is no r specified
it chokes on
WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND
jobcat.jobcat_id=cvjobcats.jobcat_id";
because there's no value to $r.
it also opens me up to allowing anyone to state *anything* after the ?.
So can I make an else statement which will say that if there's no r= or
a wrong r= or even no ? at all then it should print a menu to $r's
which actually exist in the database? How?
you already have one - its just that your abusing it to set some completely pointless
vars that containing bits of SQL.
Thanks in advance!!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
