开发者

Query problem not working [closed]

开发者 https://www.devze.com 2023-04-06 17:34 出处:网络
Closed. This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this po
Closed. This question needs to be more focused. It is not currently accepting answers.

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 8 years ago.

Improve this question

Today i'm getting this error with define categories.

The categories are defined like this:

 $categorie=$_GET['categorie'];    
 if($categorie==nimic)    
 $cat="nimic";    
 elseif($categorie==Aventura)    
 $cat="Aventura";    
 elseif($categorie==Dragoste)    
 $cat="Dragoste";    
 elseif($categorie==Politiste)    
 $cat="Politiste";    
 elseif($categorie==Pentru-Copii)    
 $cat="Pentru-Copii";    
 elseif($categorie==Romanesti)    
 $cat="Romanesti";    
 elseif($categorie==Mistere)    
 $cat="Mistere";    
 elseif($categorie==Scient-Fiction)    
 $cat="Scient-Fiction";    
 elseif($categorie==Vampiri)    
 $cat="Vampiri";    
 elseif($categorie==Thriller)    
 $cat="Thriller";    
 elseif($categorie==Drama)    
 $cat="Drama";    
 elseif($categorie==Erotic)    
 $cat="Erotic";    
 elseif($categorie==Mitologie)    
 $cat="Mitologie";

The query is:

 $query="SELECT *    
 FROM carte    
 WHERE categorie='$cat'    
 AND uploader='$username'    
 ORDER BY data_ad    
 DESC LIMIT $lista";

Well the problem is that at the first 4 $cat is working, is displaying the results that can be edited. But at the rest of the $cat is resulting 0 files to be edited..

In phpmyadmin i've tried manually to check the query by replacing $cat with the category who is not working and the $username with an valid username filled under the row up开发者_开发技巧loader.

Manually it is working. So where should be the problem? any idea?


I'm really, really uncomfortable with the way you're not using quotes. I would recommend this instead:

$categorie=$_GET['categorie'];
if($categorie=='nimic')
$cat="nimic";
elseif($categorie=='Aventura')
$cat="Aventura";
elseif($categorie=='Dragoste')
$cat="Dragoste";
elseif($categorie=='Politiste')
$cat="Politiste";
elseif($categorie=='Pentru-Copii')
$cat="Pentru-Copii";
...

Notice the metacharacter ("-") in the last category. Just sayin'... ;)


First of all it seems like whatever $categorie is, $cat is, so why is that code needed ?

Second, strings should ALWAYS be denoted by using quotes (' or ")

something like this should cover it:

if (isset($_GET['categorie']) && is_string($_GET['categorie'])) {
    $cat = $_GET['categorie'];
}


You use hyphens in the constants (I do hope they're constants). It's interpreted as substraction, that is, Pentru-Copii is the value of Pentru minus the value of Copii.

I assume the categories coming from the $_GET['categorie'] are numerical. It'd be better to create an array and use that to find the values:

$categories = array(
    264 => 'Aventura',
    621 => 'Dragoste',
    ...
);

$cat = $categories[ $_GET['categorie'] ];

Or if the category is always a string you can just do $cat = mysql_real_escape_string( $_GET[ 'categorie' ] ).


any ideea

ever tried to print out your resulting query and run it in the phpmyadmin? and compare it with one you made in phpmyadmin?

also there is no point in such a list of elseif's.
a single line

$cat = mysql_real_escape_string($_GET['categorie']);

is enough


Emm .. are those constants there ?

Shouldnt you instead of that if-elseif fest do something like :

$category=$_GET['categorie'];
$data = array( 
    1 => 'nimic', 
    2 => 'Aventura',
    3 => 'Dragoste',
    4 => 'Politiste',
        etc ...
);

if ( !array_key_exists( $category , $data )  )
{
   $category = 1 // set default category
}

$cat = $data[ $category ];

And .. please , learn to use PDO prepared statements:

$db = new PDO('mysql:host=localhost;dbname=demo', 'login', 'password');
$sth = $db->prepare('
   SELECT * FROM carte
   WHERE categorie=:category AND uploader=:user
   ORDER BY data_ad DESC LIMIT :limit'
);
$sth->bindParam(':category', $cat, PDO::PARAM_INT);
$sth->bindParam(':user', $username , PDO::PARAM_STR);
$sth->bindParam(':limit', $limit, PDO::PARAM_INT);
$result = $sth->fetchAll();


Edited.

FIrst you prepare an array from MySQL query, then search the array with a php function:

$categorie=$_GET['categorie'];

if(in_array($allowedCategories, $categorie)){
  $cat = $categorie;
}

That's all.

0

精彩评论

暂无评论...
验证码 换一张
取 消