Re: Re: Question re empty query


M. Sokolewicz wrote:
Jackson Linux wrote:

Hi,
This:

if (isset($_GET['r']) &&
     !empty($_GET['r']) &&
     ($r = intval($_GET['r'])) ){

does nobody notice the last 'bit' of the if expression?? if the IF statement evaluates to true then $r _has_ been set!!!

$r = "{$_GET['r']}"; //Set the variable $r to mean the category number

gods, that's an ugly statement... why don't you simply use $r = $_GET['r']; ????

that leaves him completely open to SQL injection. but you're right in that writing this:

$r = "{$_GET['r']}";

... is just plain wasteful, pointless and looks ugly.
and given the fact that $r is already set (see above) there is
no need to set it again at all.

I think you're almost there, Jackson, keep hacking :-)


$fields = '*';
$sort = "ORDER BY cv.sort";
} else {
$where = '';
$fields = 'cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort, jobcat.category';
$sort = "ORDER BY cv.sort";
}


//Make the sql based on the joining of the table and intersection table
$sql = "
SELECT cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat.category
FROM cv, cvjobcats, jobcat
WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND jobcat.jobcat_id=cvjobcats.jobcat_id";


Works whenever there is a ?r= specified. When there is no r specified it chokes on

WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND jobcat.jobcat_id=cvjobcats.jobcat_id";

because there's no value to $r.

it also opens me up to allowing anyone to state *anything* after the ?.

So can I make an else statement which will say that if there's no r= or a wrong r= or even no ? at all then it should print a menu to $r's which actually exist in the database? How?

Thanks in advance!!!

You have 3 conditions in a single expression. Split that expression up

Jackson got that bit from me - I don't think he is fully aware of what that expression is doing!

the 'sum' of those conditions determines that either $r is 'good' or 'bad' (whether $r is garbage or not set didn't seem like a difference worth bothering with)

into multiple expressions, so you can check each (or a combination of 2) individually.

this is a good idea to better understand what is going on!


so, instead of: if (isset($_GET['r']) && !empty($_GET['r']) && ($r = intval($_GET['r']))){

do:
if (isset($_GET['r'])) {
    if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
        // do whatever
    } else {
        // something boring
    }
} else {
    // not set
}
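One way to do what the thread asks for (the checks split up, the id never spliced into the SQL string, and a menu of categories that actually exist when r is missing or bad), as an added example that is not code from the thread. It assumes a PDO connection in $pdo and the table and column names from Jackson's query; ctype_digit() is used in place of intval() so garbage is rejected instead of silently trimmed.

```php
<?php
// Added example, not code from the thread. Assumes a PDO connection in $pdo
// and the cv / cvjobcats / jobcat tables and columns from Jackson's query.
// Returns the category id, or null when r is missing, empty or not a plain
// positive integer (covers "no ? at all", "no r=", r=, r=abc, r=5;DROP...).
function categoryFromRequest(array $get): ?int
{
    if (!isset($get['r'])) {
        return null;
    }
    // intval('5; DROP TABLE cv') silently returns 5; ctype_digit() refuses
    // anything that is not all digits, and also rejects '' and arrays.
    if (!is_string($get['r']) || !ctype_digit($get['r'])) {
        return null;
    }
    $r = (int) $get['r'];
    return $r > 0 ? $r : null;
}
// Same join as the thread's query, but $r is bound as an integer parameter
// instead of being pasted into the SQL string.
function fetchCvsForCategory(PDO $pdo, int $r): array
{
    $stmt = $pdo->prepare(
        'SELECT cv.cv_id, cv.category, dates, cv.job_title, cv.company,
                cv.job, cv.sort, jobcat.category AS jobcat_name
         FROM cv, cvjobcats, jobcat
         WHERE cvjobcats.cv_id = cv.cv_id
           AND cvjobcats.jobcat_id = :r
           AND jobcat.jobcat_id = cvjobcats.jobcat_id
         ORDER BY cv.sort'
    );
    $stmt->bindValue(':r', $r, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// The else branch Jackson asked for: a menu of categories that exist.
function fetchCategoryMenu(PDO $pdo): array
{
    $sql = 'SELECT jobcat_id, category FROM jobcat ORDER BY category';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$r = categoryFromRequest($_GET);
if ($r === null) {
    foreach (fetchCategoryMenu($pdo) as $cat) {
        printf('<a href="?r=%d">%s</a><br>', $cat['jobcat_id'], htmlspecialchars($cat['category']));
    }
} else {
    $rows = fetchCvsForCategory($pdo, $r);   // render $rows as before
}
```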


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

