Re: Re: Question re empty query


On 10 Mar 2005, at 07:38, Jochem Maas wrote:

Jackson Linux wrote:
Okay, guys,
I hope I'm getting closer with your help here but I am still highly confused (that's actually a general blanket statement these days).
I've taken your advice and made several changes,
On 9 Mar 2005, at 13:44, Jochem Maas wrote:
M. Sokolewicz wrote:

Jackson Linux wrote:

Hi,
This:

if (isset($_GET['r']) &&
     !empty($_GET['r']) &&
     ($r = intval($_GET['r'])) ){


does nobody notice the last 'bit' of the if expression??
if the IF statement evaluates to true then $r _has_ been set!!!
That makes sense now.

$r = "{$_GET['r']}"; //Set the variable $r to mean the category number

gods, that's an ugly statement... why don't you simply use $r = $_GET['r']; ????


that leaves him completely open to SQL injection.
but you're right in that writing this:

$r = "{$_GET['r']}";

... is just plain wasteful, pointless and looks ugly.
and given the fact that $r is already set (see above) there is
no need to set it again at all.
I see that now; thanks, I removed it
I think you're almost there, Jackson, keep hacking :-)

Thanks for the encouragement! But there's more...

$sort = "ORDER BY cv.sort";
} else {
$where = '';
$fields = 'cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort, jobcat.category';
$sort = "ORDER BY cv.sort";
}


//Make the sql based on the joining of the table and intersection table
$sql = "
SELECT cv.cv_id,cv.category,dates,cv.job_title,cv.company,cv.job,cv.sort,jobcat.category
FROM cv, cvjobcats, jobcat
WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND jobcat.jobcat_id=cvjobcats.jobcat_id";


Works whenever there is a ?r= specified. When there is no r specified it chokes on

WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = $r AND jobcat.jobcat_id=cvjobcats.jobcat_id";

because there's no value to $r.

it also opens me up to allowing anyone to state *anything* after the ?.

So can I make an else statement which will say that if there's no r= or a wrong r= or even no ? at all then it should print a menu to $r's which actually exist in the database? How?

Thanks in advance!!!

You have 3 conditions in a single expression. Split that expression up
into multiple expressions, so you can check each (or a combination of 2) individually.


Jackson got that bit from me - I don't think he is fully aware of what that
expression is doing!


the 'sum' of those conditions determines that either $r is 'good' or 'bad'
(whether $r is garbage or not set didn't seem like a difference worth bothering
with)


No, I didn't and I actually still don't. I've implemented the change below, breaking up the if (isset($_GET['r'])) bit (making it easier to follow indeed, thank you!) but I am confused as to how to split that three-condition statement based on that change.


this is a good idea to better understand what is going on!

so, instead of:
if (isset($_GET['r']) && !empty($_GET['r']) && ($r = intval($_GET['r']))){
do:
if (isset($_GET['r'])) {
    if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
        // do whatever
    } else {
        // something boring
    }
} else {
    // not set
}


The code below is where I am now. I'm trying to document a bit better, and clean it up. And I still don't have any clue as to how to make it redirect if someone requests no ?r= or a bad one. Can someone help please?
<snip>
if (isset($_GET['r'])) {
    if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
        $fields = '*';
        $where = "WHERE cvjobcats.cv_id=cv.cv_id AND cvjobcats.jobcat_id = '$r' AND jobcat.jobcat_id=cvjobcats.jobcat_id";
        $sort = "ORDER BY cv.sort"; // Assemble the category items in r=x
    } else {
        // Is this where I'd say IF no $r is set then redirect?
    }
}

all you need is 1 if (or if/else) statement, note that my example is the logical reverse of the first if statement I posted (in reply to your question):

if (!isset($_GET['r']) || empty($_GET['r']) || !($r = intval($_GET['r']))) {
    // _GET['r'] is either not set, empty or not a positive int greater than zero.
    // the required var is 'bad' so lets redirect the user.
    if (!headers_sent()) {
        header('location: /yourRvarsucks.php');
    } else {
        // you'll have to figure out what to do yourself
        // if you want to redirect and headers have already been sent!
    }
    exit;
}


// now comes the rest of the script (build SQL, run it, output the data)

$where = "WHERE cvjobcats.cv_id=cv.cv_id
          AND cvjobcats.jobcat_id = '$r'
          AND jobcat.jobcat_id=cvjobcats.jobcat_id";

$sort  = "ORDER BY cv.sort";

// etc etc ...


Whhooo.

I created this:

$badr = "";

1. I believe that this:

if (!isset($_GET['r']) || empty($_GET['r']) || !($r = intval($_GET['r']))) {
    // _GET['r'] is either not set, empty or not a positive int greater than zero.
    // the required var is 'bad' so lets redirect the user.
    if (!headers_sent()) {
        // double quotes so that {$_SERVER['PHP_SELF']} is actually interpolated
        header("location: {$_SERVER['PHP_SELF']}#bookmark");
    } else {
        // you'll have to figure out what to do yourself
        // if you want to redirect and headers have already been sent!
    }
    exit;
}


should kick back anyone who uses a bad or no $r to the location:

{$_SERVER['PHP_SELF']}#bookmark


However two problems:

1. This is dumb, I'm sure, but when I test this on its own it loops into a constant redirect, as the page reloads itself (PHP_SELF), hits the header location and tries again. I want it to keep the same page name (file.htm) but load a conditional menu if the request is for a non-existent or bad $r

2. Mustn't I also specify what to do in the event that the $r is good?


Would that be just continuing the script:

if (isset($_GET['r'])) {
    if(!empty($_GET['r']) && ($r = intval($_GET['r']))){
    } else {
        // And if so, then why do I need the IF statement here at all? Shouldn't this be a WHILE?
    }
}
// now comes the rest of the script (build SQL, run it, output the data)




??

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
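An added example, not code from anyone in the thread, showing how the two open questions fit together: a missing or bad ?r= renders the category menu in place (a redirect back to PHP_SELF is what produces the loop Jackson describes), and a good r simply continues into the query, with $r bound as a PDO parameter instead of being interpolated into the SQL string. It runs stand-alone against an in-memory SQLite database; the table and column names (cv, cvjobcats, jobcat) follow the thread, the rows and the function names are constructed here, and filter_var with FILTER_VALIDATE_INT is used in place of intval() as a choice made in this example.

```php
<?php
// Added example (not from the thread). Self-contained: builds an in-memory
// SQLite database with PDO, then handles a few constructed requests.
declare(strict_types=1);

function buildDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE jobcat (jobcat_id INTEGER PRIMARY KEY, category TEXT)');
    $db->exec('CREATE TABLE cv (cv_id INTEGER PRIMARY KEY, job_title TEXT, company TEXT, sort INTEGER)');
    $db->exec('CREATE TABLE cvjobcats (cv_id INTEGER, jobcat_id INTEGER)');
    // Constructed sample rows, not real data.
    $db->exec("INSERT INTO jobcat VALUES (1, 'Sysadmin'), (2, 'Developer')");
    $db->exec("INSERT INTO cv VALUES (10, 'Unix admin', 'Acme', 2), (11, 'PHP developer', 'Acme', 1)");
    $db->exec("INSERT INTO cvjobcats VALUES (10, 1), (11, 1), (11, 2)");
    return $db;
}

// The thread's three-condition check as one function: a positive int, or null
// when r is missing, empty or not a positive integer. filter_var rejects input
// such as "1abc" outright instead of coercing it to 1 the way intval() would
// (a choice made in this example, not in the thread).
function categoryIdFromRequest(array $get): ?int
{
    if (!isset($get['r']) || $get['r'] === '') {
        return null;
    }
    $r = filter_var($get['r'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $r === false ? null : $r;
}

// Menu of the categories that actually exist in the database, rendered in place.
function renderMenu(PDO $db): string
{
    $out = "Choose a category:\n";
    foreach ($db->query('SELECT jobcat_id, category FROM jobcat ORDER BY category') as $row) {
        $out .= sprintf("  ?r=%d  %s\n", $row['jobcat_id'], htmlspecialchars($row['category']));
    }
    return $out;
}

// Listing for a valid r: the thread's three-table join, with :r bound by PDO
// rather than written into the SQL string.
function cvsForCategory(PDO $db, int $r): array
{
    $stmt = $db->prepare(
        'SELECT cv.cv_id, cv.job_title, cv.company, cv.sort, jobcat.category
           FROM cv, cvjobcats, jobcat
          WHERE cvjobcats.cv_id = cv.cv_id
            AND cvjobcats.jobcat_id = :r
            AND jobcat.jobcat_id = cvjobcats.jobcat_id
          ORDER BY cv.sort'
    );
    $stmt->execute([':r' => $r]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function handleRequest(PDO $db, array $get): string
{
    $r = categoryIdFromRequest($get);
    if ($r === null) {
        return renderMenu($db);   // bad or missing r: show the menu, no redirect
    }
    $rows = cvsForCategory($db, $r);
    if ($rows === []) {
        return renderMenu($db);   // well-formed r that matches nothing: same menu
    }
    // Good r: the rest of the script just continues from here.
    $out = "CVs in category {$rows[0]['category']}:\n";
    foreach ($rows as $row) {
        $out .= sprintf("  %d  %s at %s\n", $row['cv_id'],
            htmlspecialchars($row['job_title']), htmlspecialchars($row['company']));
    }
    return $out;
}

$db = buildDb();
// Constructed requests: no r, empty r, non-numeric r, unknown id, valid id.
foreach ([[], ['r' => ''], ['r' => '1 OR 1=1'], ['r' => '99'], ['r' => '1']] as $get) {
    echo 'GET ' . json_encode($get) . "\n" . handleRequest($db, $get) . "\n";
}
```

The point of the structure is that validation happens exactly once, at the top, and both outcomes are handled without a header() redirect: the page keeps its own name and either shows the menu or the listing. In a real script the `$get` argument would be `$_GET` and the output would be HTML rather than plain text.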

