vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   create link to a forum using "title_clean" as tag? (https://vborg.vbsupport.ru/showthread.php?t=179056)

Marco van Herwaarden 10-30-2008 08:17 AM

I am not interested in what you expect the value to be, but in the real value. ;) You can use a vardump or echo to list the value.

If you are using query_first then you should not have the message that it is a resource id.

jfk1 10-30-2008 09:10 AM

Quote:

Originally Posted by Marco van Herwaarden (Post 1655834)
I am not interested in what you expect the value to be, but in the real value. ;) You can use a vardump or echo to list the value.

If you are using query_first then you should not have the message that it is a resource id.

well, i finally got a working piece of code! :) (courtesy of PHPbuilder.com). perhaps when u see my code, u will see how simple my question was in the first place. probably my fault, making it appear complicated.
Code:

//jfk
$forum_name="$pagetitle";

$query=("SELECT forumid FROM " . TABLE_PREFIX . "forum WHERE title='$forum_name'");
$result=mysql_query($query);
if( mysql_num_rows ($result)) //if it has a match from the database/table
{
    $row=mysql_fetch_assoc($result);  //lets get that matched row's id, and create a link
    $forum_link="<a href=\"/forums/forumdisplay.php?f=".$row["forumid"]."\">$forum_name&nbspForum</a>";
}
//end jfk

i now use the $var "$forum_link" wherever i want the link to appear. this is my hacked version of the code, perhaps u could suggest some tidying that would be more consistent with vbull?

Marco van Herwaarden 10-30-2008 09:20 AM

Not wrong, but not using the vB coding standards and functions. Also, unless there is more code, you are not cleaning $forum_name before using it in a query, opening your board to SQL-Injections.

The "correct" ;) vB way to do this:

PHP Code:

$forum_name = "$pagetitle"; // <-- This needs to be cleaned before using it in a query!!!!
$row = $db->query_first("SELECT forumid FROM " . TABLE_PREFIX . "forum WHERE title='$forum_name' LIMIT 1");
$forum_link = "<a href=\"/forums/forumdisplay.php?f=" . $row["forumid"] . "\">$forum_name&nbspForum</a>";


Dismounted 10-30-2008 09:40 AM

Not really following vB Coding Standards there either, Marco ;).
PHP Code:

// "Comments should precede the code they describe, rather than following it."

// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;

// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
    SELECT forumid
    FROM " . TABLE_PREFIX . "forum
    WHERE title = $forum_name
    LIMIT 1
");

// "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
// "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
// "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
$forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . '&nbspForum</a>';

// This is also OK
$forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name&nbspForum</a>";


jfk1 10-30-2008 10:53 AM

oh! i started a fight! :eek: (just kidding)
it is very nice to have TWO distinguished coders helping me with my little problem! :)
i will study comments re quotes very carefully, as i know from experience how important those little jobbies can be!

--------------- Added [DATE]1225368751[/DATE] at [TIME]1225368751[/TIME] ---------------

with regard to "cleaning" $pagetitle. i am dropping this piece into an existing script, in which $pagetitle is preset... can i not assume that this var is clean? this will not be introduced as an $input... or from a form etc...

--------------- Added [DATE]1225370809[/DATE] at [TIME]1225370809[/TIME] ---------------

Quote:

Originally Posted by Dismounted (Post 1655887)
Not really following vB Coding Standards there either, Marco ;).
PHP Code:

// "Comments should precede the code they describe, rather than following it."

// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;

// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
    SELECT forumid
    FROM " . TABLE_PREFIX . "forum
    WHERE title = $forum_name
    LIMIT 1
");

// "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
// "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
// "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
$forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . '&nbspForum</a>';

// This is also OK
$forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name&nbspForum</a>";


hmmm... this code produces "database error" without single quotes round $forum_name in the query

--------------- Added [DATE]1225371729[/DATE] at [TIME]1225371729[/TIME] ---------------

could i ask another question please?
this code (immediately above) doesn't have an "if" condition in it, as i previously had.... does this matter? what would happen if the query fails (no match in the db)?

Dismounted 10-31-2008 05:54 AM

Quote:

Originally Posted by jfk1 (Post 1655923)
hmmm... this code produces "database error" without single quotes round $forum_name in the query

Overlooked that, sorry :).
Quote:

Originally Posted by jfk1 (Post 1655923)
could i ask another question please?
this code (immediately above) doesn't have an "if" condition in it, as i previously had.... does this matter? what would happen if the query fails (no match in the db)?

I only corrected Marco's code, but yes, you should check the data exists.
PHP Code:

// "Comments should precede the code they describe, rather than following it."

// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;

// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
    SELECT forumid
    FROM " . TABLE_PREFIX . "forum
    WHERE title = '$forum_name'
    LIMIT 1
");

if (!empty($row))
{
    // "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
    // "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
    // "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
    $forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . '&nbspForum</a>';

    // This is also OK
    $forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name&nbspForum</a>";
}



jfk1 10-31-2008 10:35 AM

thanx for reply (and amendment). could u comment on "cleaning" $pagetitle. am i correct in my assumption?

Marco van Herwaarden 11-06-2008 12:17 PM

Create Secure Mods

jfk1 11-07-2008 07:54 PM

Quote:

Originally Posted by Marco van Herwaarden (Post 1660432)

thanx for reply, and for useful link. i am sure i will need this info in near future :)
regards

--------------- Added [DATE]1226095204[/DATE] at [TIME]1226095204[/TIME] ---------------

while i am here, would u like to comment on the following? this is the reciprocal link back to "page" from the forum
Code:

//jfk
$home_pageid = $forumTitle;

$page_link = '<a href="/index.php?pageid=' . $home_pageid . '">' . $home_pageid . '&nbspPage</a>';

//end jfk
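
Added example, not from any poster in this thread: the forum lookup and both links discussed above (Marco's note on cleaning `$forum_name`, and jfk1's reciprocal page link), with the title bound as a query parameter and encoded for each output context. It swaps vBulletin's `$db` object for PDO with an in-memory SQLite table so it runs stand-alone; the table contents and the function names `build_forum_link` and `build_page_link` are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The table, sample rows and
// function names below are constructed for illustration.

// Stand-in for the forum table: in-memory SQLite via PDO (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forum (forumid INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO forum (forumid, title) VALUES (7, 'General'), (12, 'Tom''s <Tips> & Tricks')");

/** Look up a forum by title and return a link, or '' when nothing matches. */
function build_forum_link(PDO $pdo, string $pagetitle): string
{
    // The title is bound as a parameter, so a quote inside it is data,
    // not part of the SQL text.
    $stmt = $pdo->prepare('SELECT forumid FROM forum WHERE title = ? LIMIT 1');
    $stmt->execute([$pagetitle]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No match: fetch() returns false, so emit no link at all.
    if (empty($row)) {
        return '';
    }

    // Output context is HTML: force the id to an integer, encode the title.
    $forumid = (int) $row['forumid'];
    $label = htmlspecialchars($pagetitle, ENT_QUOTES, 'UTF-8');
    return '<a href="/forums/forumdisplay.php?f=' . $forumid . '">' . $label . '&nbsp;Forum</a>';
}

/**
 * Reciprocal link: the value lands in a URL parameter and in HTML text,
 * so it is encoded once for each context.
 */
function build_page_link(string $forum_title): string
{
    $href = '/index.php?pageid=' . rawurlencode($forum_title);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($forum_title, ENT_QUOTES, 'UTF-8') . '&nbsp;Page</a>';
}

// A "preset" title that never came from a form still contains ', < and &.
echo build_forum_link($pdo, "Tom's <Tips> & Tricks"), "\n";
echo build_forum_link($pdo, 'No Such Forum'), "\n";
echo build_page_link("Tom's <Tips> & Tricks"), "\n";
```

Inside vBulletin 3 itself the corresponding steps are `$db->escape_string()` on the value placed in the query and `htmlspecialchars_uni()` on the value placed in the page.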



All times are GMT.