
Thread: Working with intval?

  1. #1
    Join Date
    Mar 2005
    Posts
    172

    Working with intval?

    Hello Peeps,

    I'm trying to keep my data safe and clean in my database, so anything that I'm using with $_GET to retrieve a URL I want to make sure an int value is passed. I.e., say my URL was:

    page.php?news_id=123
    The page would process fine

    But if it was
    page.php?news_id=dodgycode

    It would send the user away to an error page. However with my code below if

    page.php?news_id=dodgycode

    Is entered it does not send the user to the error page. It simply outputs the message Unknown column 'dodgycode' in 'where clause'?

    Anyone help?

    PHP Code:
    <?php
    //* If the Value is an INT then continue...
    if(intval($_GET['news_id'] == $_GET['news_id']) || ($_GET['news_id'] != 0)) {

    $SQL = "SELECT * from test where news_id= ".$_GET['news_id'];

    $result = mysql_query($SQL) OR die(mysql_error());

    $row = mysql_fetch_array($result);

    echo $headline = $row['headline'];
    echo $story = $row['story'];

    } else {

    //* Otherwise appears to be something Dodgy here so get me out of here
    header("Location: take_me_to_error_page.php");
    exit;

    }
    ?>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,617
    I would rewrite the if condition as:
    PHP Code:
    if(!empty($_GET['news_id']) && intval($_GET['news_id'] == $_GET['news_id'])) { 
    This way you first test that there even is a news_id and that it is not 0, then if so, make sure you got an integer.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Mar 2005
    Posts
    172
    Thanks notdog, but still have that same issue.

    Say a user enters the URL as:

    page.php?news_id=dodgycode

    The code should chuck the user out to my error page, but it's not. I'm getting an Unknown column 'dodgycode' message which the user should not get as at this point they should have been chucked straight to the else statement?

    PHP Code:
    <?php
    //* If the Value is an INT then continue...
    if(!empty($_GET['news_id']) && intval($_GET['news_id'] == $_GET['news_id'])) {

    $SQL = "SELECT * from test where news_id= ".$_GET['news_id'];

    $result = mysql_query($SQL) OR die(mysql_error());

    $row = mysql_fetch_array($result);

    echo $headline = $row['headline'];
    echo $story = $row['story'];

    } else {

    //* Otherwise appears to be something Dodgy here so get me out of here
    header("Location: take_me_to_error_page.php");
    exit;

    }
    ?>

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,617
    Upon further review, I think this will work better and be a bit cleaner:
    PHP Code:
    if(!empty($_GET['news_id']) && ctype_digit($_GET['news_id'])) { 
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
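
Why the first two conditions in this thread let `dodgycode` through while the `ctype_digit()` one does not, as an added example that is not part of any post. The function names, the `is_string()` guard, the in-memory SQLite database (needs the `pdo_sqlite` extension) and the sample row are assumptions; a PDO prepared statement stands in for the thread's `mysql_query()` call, since the `mysql_*` functions were removed in PHP 7.

```php
<?php
// Added example, not code from the thread. Table/column names follow the
// thread; the in-memory SQLite database and sample row are constructed.

// The thread's first two conditions: the closing parenthesis is misplaced, so
// intval() receives the result of the == comparison (always true), not the ID.
function brokenCheck(array $get): bool
{
    return !empty($get['news_id']) && intval($get['news_id'] == $get['news_id']);
}

// The ctype_digit() condition from the last answer, plus an is_string() guard
// because news_id[]=1 in the URL makes $_GET['news_id'] an array.
function validNewsId(array $get): bool
{
    return isset($get['news_id'])
        && is_string($get['news_id'])
        && !empty($get['news_id'])          // rejects "" and "0"
        && ctype_digit($get['news_id']);    // digits only: no sign, dot, spaces
}

function fetchStory(PDO $db, array $get): ?array
{
    if (!validNewsId($get)) {
        return null; // caller redirects to the error page
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT headline, story FROM test WHERE news_id = :id');
    $stmt->bindValue(':id', (int) $get['news_id'], PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (news_id INTEGER PRIMARY KEY, headline TEXT, story TEXT)');
$db->exec("INSERT INTO test VALUES (123, 'Sample headline', 'Sample story')");

foreach (['123', 'dodgycode', '123abc', '0', ['1']] as $value) {
    $get = ['news_id' => $value];
    printf(
        "%-12s broken=%s valid=%s row=%s\n",
        json_encode($value),
        var_export(brokenCheck($get), true),
        var_export(validNewsId($get), true),
        json_encode(fetchStory($db, $get))
    );
}
```

Validation decides whether to show the error page; the bound parameter is what keeps the value out of the SQL text even if a later edit weakens the check.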

  5. #5
    Join Date
    Mar 2005
    Posts
    172
    Thanks!
