oh! i started a fight!

(just kidding)
it is very nice to have TWO distinguished coders helping me with my little problem!

i will study comments re quotes very carefully, as i know from experience how important those little jobbies can be!
--------------- Added [DATE]1225368751[/DATE] at [TIME]1225368751[/TIME] ---------------
with regard to "cleaning" $pagetitle. i am dropping this piece into an existing script, in which $pagetitle is preset... can i not assume that this var is clean? this will not be introduced as an $input... or from a form etc...
--------------- Added [DATE]1225370809[/DATE] at [TIME]1225370809[/TIME] ---------------
Quote:
Originally Posted by Dismounted
Not really following vB Coding Standards there either, Marco.
PHP Code:
// "Comments should precede the code they describe, rather than following it."
// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;
// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
SELECT forumid
FROM " . TABLE_PREFIX . "forum
WHERE title = $forum_name
LIMIT 1
");
// "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
// "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
// "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
$forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . ' Forum</a>';
// This is also OK
$forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name Forum</a>";
hmmm... this code produces "database error" without single quotes round $forum_name in the query
--------------- Added [DATE]1225371729[/DATE] at [TIME]1225371729[/TIME] ---------------
could i ask another question please?
this code (immediately above) doesn't have an "if" condition in it, as i previously had.... does this matter? what would happen if the query fails (no match in the db)?
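
The two points raised in this post (the title in the WHERE clause is a string value, and the lookup may match no row), shown as an added example that is not part of the original thread and is not vBulletin code. It assumes PHP with the pdo_sqlite extension and uses PDO with an in-memory SQLite database in place of vBulletin's `$db` object; the table contents and the `build_forum_link()` helper are constructed for illustration.

```php
<?php
// Added example: stand-alone PDO/SQLite version of the forum lookup.
// build_forum_link() and the sample rows are hypothetical, built for this demo.

function build_forum_link(PDO $pdo, string $pagetitle): ?string
{
    // Bound parameter: the title travels as a string value, so no hand-written
    // quotes are needed and a quote inside the title cannot alter the SQL.
    $stmt = $pdo->prepare('SELECT forumid FROM forum WHERE title = :title LIMIT 1');
    $stmt->execute([':title' => $pagetitle]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No matching forum: fetch() returns false, so there is no forumid to link to.
    if ($row === false) {
        return null;
    }

    // The title is data, not markup: escape it for the HTML context.
    return '<a href="/forums/forumdisplay.php?f=' . (int) $row['forumid'] . '">'
        . htmlspecialchars($pagetitle, ENT_QUOTES, 'UTF-8') . ' Forum</a>';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forum (forumid INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO forum (forumid, title) VALUES (7, 'Bob''s Bikes'), (9, 'General')");

// Unquoted, as in the quoted snippet: General is parsed as an identifier
// (a column name), not as a string, and the database rejects the statement.
try {
    $pdo->query('SELECT forumid FROM forum WHERE title = General LIMIT 1');
} catch (PDOException $e) {
    echo "unquoted title: database error\n";
}

// One plain title, one containing a quote, one with no matching row.
foreach (['General', "Bob's Bikes", 'No Such Forum'] as $title) {
    $link = build_forum_link($pdo, $title);
    echo $title, ' => ', $link ?? '(no matching forum, link skipped)', "\n";
}
```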