PHP - using variable to limit output in url problem


ixian
04-20-2004, 04:03 PM
Say I have this code:


{
    $sqlstr .= " AND bugs.stateid=$state";
}


Which does the following: When a link has the specific stateid in it, such as

www.test.com/bugs.php?state=1

Only items with a state of "1" are returned. This works just dandy.

Now, what I want to do is code it so that I can have a url that returns all states BUT 1. So for example, if I want to view states 1 and 2, but not 3. This is to hide tickets with a "closed" state (state 3) in vbbugs, in case anyone was wondering.

I've come up with this:


if ($state)
{
    if( $state == "active" )
    {
        $sqlstr .= " AND bugs.stateid!=3";
    }
    else
    {
        $sqlstr .= " AND bugs.stateid=$state";
    }
}


Where, if the url www.test.com/bugs.php?state=active was received, all states but state 3 would be displayed, but that doesn't seem to be working.

Obviously there is a mistake there, but I can't spot it. Any ideas? Or even a better way to do this? All I am trying to do in the end is give an option to hide closed bugs/tickets from the default display.

Thanks

Boofo
04-20-2004, 04:06 PM
Try changing this:

$sqlstr .= " AND bugs.stateid!=3";

to this:

$sqlstr .= " AND bugs.stateid!='3'";

ixian
04-20-2004, 04:17 PM
That had no effect, alas. What's weird about this is I get no error message or anything; it just doesn't hide the state.

Xenon
04-20-2004, 04:20 PM
Nope, the value without the ' was correct.

But before the whole if construct you have to put $state = $_GET['state'];

ixian
04-20-2004, 04:27 PM
Curses! That didn't do it either.

Any chance I could attach the file here and have one of you take a quick look at it? I can't believe I'm having so much trouble with such a simple feature :(

ixian
04-21-2004, 04:56 PM
Figured it out.

The problem was the quotes around "active", if anyone runs into something similar in the future. Removed the quotes and it works now.

AlexanderT
04-21-2004, 05:18 PM
ixian, maybe a bit off-topic, but you should really sanitize your code, especially when you use URL parameters in your MySQL instruction, to prevent something like a SQL injection attack!

ixian
04-21-2004, 05:37 PM
Can you offer tips for the examples above? I freely admit to still being in the "learning" stage here. Any advice would be greatly appreciated.

NTLDR
04-21-2004, 08:45 PM
Take a look at the globalize() function in includes/functions.php and how vB uses it. For the above example with state:

globalize($_REQUEST, array('state' => STR_NOHTML));

Basically it means: take the variable index with the name state from the $_REQUEST array (i.e. $_REQUEST['state']) and make it a string with HTML removed, with the variable name $state.
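
An added illustration of the sanitizing advice in the last posts (not code from this thread, vBulletin or vbbugs): accept only the keyword `active` or a short run of digits for `state`, and pass the value to the query as a bound parameter instead of interpolating it into `$sqlstr`. The helper name `state_filter`, the constant `STATE_CLOSED`, the PDO/SQLite setup and the sample rows are assumptions made for the example.

```php
<?php
// Added example: hypothetical helper, not vBulletin or vbbugs code.
const STATE_CLOSED = 3; // state 3 is the "closed" state in the thread

/**
 * Turn the raw ?state= value into a WHERE fragment plus bound parameters.
 * Accepted shapes: absent/empty (no filter), the keyword "active",
 * or 1-4 digits. Anything else (arrays, mixed text) is rejected.
 */
function state_filter($raw): array
{
    if ($raw === null || $raw === '') {
        return ['', []];
    }
    if ($raw === 'active') { // strict comparison, no type juggling
        return [' AND bugs.stateid <> ?', [STATE_CLOSED]];
    }
    if (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 4) {
        return [' AND bugs.stateid = ?', [(int) $raw]];
    }
    throw new InvalidArgumentException('unsupported state value');
}

// Constructed table and rows so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bugs (id INTEGER PRIMARY KEY, title TEXT, stateid INTEGER)');
$db->exec("INSERT INTO bugs (title, stateid) VALUES
           ('open bug', 1), ('in progress', 2), ('closed bug', 3)");

// Constructed request values; the last one is not a valid state.
foreach (['1', 'active', '', '1 OR 1=1'] as $raw) {
    try {
        [$where, $params] = state_filter($raw);
        // The SQL text contains only fixed fragments; the value travels separately.
        $stmt = $db->prepare('SELECT title FROM bugs WHERE 1=1' . $where . ' ORDER BY id');
        $stmt->execute($params);
        $result = implode(', ', $stmt->fetchAll(PDO::FETCH_COLUMN));
    } catch (InvalidArgumentException $e) {
        $result = 'rejected: ' . $e->getMessage();
    }
    printf("state=%-12s -> %s\n", var_export($raw, true), $result);
}
```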