Closed 8 years ago.
Today I'm getting this error with defined categories.
The categories are defined like this:
$categorie=$_GET['categorie'];
if($categorie==nimic)
$cat="nimic";
elseif($categorie==Aventura)
$cat="Aventura";
elseif($categorie==Dragoste)
$cat="Dragoste";
elseif($categorie==Politiste)
$cat="Politiste";
elseif($categorie==Pentru-Copii)
$cat="Pentru-Copii";
elseif($categorie==Romanesti)
$cat="Romanesti";
elseif($categorie==Mistere)
$cat="Mistere";
elseif($categorie==Scient-Fiction)
$cat="Scient-Fiction";
elseif($categorie==Vampiri)
$cat="Vampiri";
elseif($categorie==Thriller)
$cat="Thriller";
elseif($categorie==Drama)
$cat="Drama";
elseif($categorie==Erotic)
$cat="Erotic";
elseif($categorie==Mitologie)
$cat="Mitologie";
The query is:
$query="SELECT *
FROM carte
WHERE categorie='$cat'
AND uploader='$username'
ORDER BY data_ad
DESC LIMIT $lista";
Well, the problem is that for the first 4 $cat values it is working and displaying the results that can be edited. But for the rest of the $cat values it results in 0 files to be edited..
In phpMyAdmin I've tried manually to check the query by replacing $cat with the category that is not working and $username with a valid username filled in under the uploader row.
Manually it is working. So where could the problem be? Any idea?
I'm really, really uncomfortable with the way you're not using quotes. I would recommend this instead:
$categorie=$_GET['categorie'];
if($categorie=='nimic')
$cat="nimic";
elseif($categorie=='Aventura')
$cat="Aventura";
elseif($categorie=='Dragoste')
$cat="Dragoste";
elseif($categorie=='Politiste')
$cat="Politiste";
elseif($categorie=='Pentru-Copii')
$cat="Pentru-Copii";
...
Notice the metacharacter ("-") in the last category. Just sayin'... ;)
First of all it seems like whatever $categorie is, $cat is, so why is that code needed?
Second, strings should ALWAYS be denoted by using quotes (' or ")
something like this should cover it:
if (isset($_GET['categorie']) && is_string($_GET['categorie'])) {
$cat = $_GET['categorie'];
}
You use hyphens in the constants (I do hope they're constants). It's interpreted as subtraction, that is, Pentru-Copii is the value of Pentru minus the value of Copii.
I assume the categories coming from the $_GET['categorie'] are numerical. It'd be better to create an array and use that to find the values:
$categories = array(
264 => 'Aventura',
621 => 'Dragoste',
...
);
// Only accept ids that are actually in the map; an unknown id would otherwise
// raise an undefined-index notice and leave $cat empty
if ( isset( $categories[ $_GET['categorie'] ] ) ) {
$cat = $categories[ $_GET['categorie'] ];
}
Or if the category is always a string you can just do $cat = mysql_real_escape_string( $_GET[ 'categorie' ] ).
any idea
Ever tried to print out your resulting query and run it in phpMyAdmin, and compare it with the one you made in phpMyAdmin?
Also there is no point in such a list of elseifs.
A single line
$cat = mysql_real_escape_string($_GET['categorie']);
is enough.
Emm.. are those constants there?
Shouldn't you, instead of that if-elseif fest, do something like:
$category=$_GET['categorie'];
// Map of request ids to the category names stored in the database
$data = array(
1 => 'nimic',
2 => 'Aventura',
3 => 'Dragoste',
4 => 'Politiste',
etc ...
);
if ( !array_key_exists( $category , $data ) )
{
$category = 1; // set default category
}
$cat = $data[ $category ];
And.. please, learn to use PDO prepared statements:
$db = new PDO('mysql:host=localhost;dbname=demo', 'login', 'password');
$sth = $db->prepare('
SELECT * FROM carte
WHERE categorie=:category AND uploader=:user
ORDER BY data_ad DESC LIMIT :limit'
);
$sth->bindParam(':category', $cat, PDO::PARAM_STR); // $cat is a category name, so bind it as a string
$sth->bindParam(':user', $username , PDO::PARAM_STR);
$sth->bindParam(':limit', $limit, PDO::PARAM_INT);
$sth->execute(); // the statement has to run before rows can be fetched
$result = $sth->fetchAll();
Edited.
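As an added example (not code from the question or from any of the answers), here is the allow-list plus prepared-statement approach from the answer above carried through end to end. It runs against an in-memory SQLite table instead of MySQL so it executes without a server; the table and column names (carte, categorie, uploader, data_ad) come from the question, the function names resolveCategory, resolveLimit and listBooks are mine, and the sample rows, usernames and request values are constructed.

```php
<?php
// Added example (not from the original question or answers): allow-list lookup
// for the category plus a PDO prepared statement, run against in-memory SQLite.
declare(strict_types=1);

// The only category names the application accepts. Keys are what the URL
// carries; values are what is stored in the database (same spelling here).
const CATEGORIES = [
    'nimic'          => 'nimic',
    'Aventura'       => 'Aventura',
    'Dragoste'       => 'Dragoste',
    'Politiste'      => 'Politiste',
    'Pentru-Copii'   => 'Pentru-Copii',
    'Romanesti'      => 'Romanesti',
    'Mistere'        => 'Mistere',
    'Scient-Fiction' => 'Scient-Fiction',
    'Vampiri'        => 'Vampiri',
    'Thriller'       => 'Thriller',
    'Drama'          => 'Drama',
    'Erotic'         => 'Erotic',
    'Mitologie'      => 'Mitologie',
];

/** Map the request value to a known category, or null if it is not allowed. */
function resolveCategory(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    // Exact, case-sensitive array lookup: no ==, no unquoted constants, no arithmetic.
    return CATEGORIES[$raw] ?? null;
}

/** Validate the page size as a bounded integer; anything else gets the default. */
function resolveLimit(mixed $raw, int $default = 20, int $max = 100): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $n === false ? $default : $n;
}

/** Run the listing query with every user-controlled value bound, never interpolated. */
function listBooks(PDO $db, string $cat, string $username, int $limit): array
{
    $sth = $db->prepare(
        'SELECT id, titlu, categorie FROM carte
          WHERE categorie = :category AND uploader = :user
          ORDER BY data_ad DESC LIMIT :limit'
    );
    $sth->bindValue(':category', $cat, PDO::PARAM_STR);
    $sth->bindValue(':user', $username, PDO::PARAM_STR);
    $sth->bindValue(':limit', $limit, PDO::PARAM_INT); // an int, so it is not quoted
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

// --- demo with constructed data (hypothetical rows, not from the page) ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE carte (id INTEGER PRIMARY KEY, titlu TEXT,
           categorie TEXT, uploader TEXT, data_ad TEXT)');
$ins = $db->prepare('INSERT INTO carte (titlu, categorie, uploader, data_ad) VALUES (?, ?, ?, ?)');
foreach ([
    ['Carte 1', 'Pentru-Copii', 'ana', '2011-01-03'],
    ['Carte 2', 'Romanesti',    'ana', '2011-01-04'],
    ['Carte 3', 'Romanesti',    'ion', '2011-01-05'],
] as $row) {
    $ins->execute($row);
}

// Simulated request values: two valid names, one injection attempt, one non-string.
foreach (['Romanesti', 'Pentru-Copii', "Romanesti' OR '1'='1", 42] as $input) {
    $cat = resolveCategory($input);
    if ($cat === null) {
        printf("%-25s -> rejected\n", var_export($input, true));
        continue;
    }
    $rows = listBooks($db, $cat, 'ana', resolveLimit('10'));
    printf("%-25s -> %d row(s) for uploader ana\n", var_export($input, true), count($rows));
}
```

Two things this buys over the original chain: the category string never becomes part of the SQL text, so the quoting question that the query in the question depends on simply does not arise, and the lookup is an exact string match. In PHP 5 and 7 the unquoted `Pentru-Copii` evaluates as `"Pentru" - "Copii"`, which is `0`, and a non-numeric string compares loosely equal to `0`, so every request that reaches that `elseif` matches it regardless of what was sent; an array lookup has no such surprise.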
First you prepare an array from a MySQL query, then search the array with a PHP function:
$categorie=$_GET['categorie'];
// $allowedCategories holds the category names fetched from MySQL;
// in_array() takes the needle first and the haystack second
if(in_array($categorie, $allowedCategories, true)){
$cat = $categorie;
}
That's all.