create link to a forum using "title_clean" as tag?

[Marco van Herwaarden]

I am not interested in what you expect the value to be, but in the real value. You can use a vardump or echo to list the value.

If you are using query_first then you should not have te message that it is a resource id.

[jfk1]

Quote:

Originally Posted by Marco van Herwaarden

I am not interested in what you expect the value to be, but in the real value. You can use a vardump or echo to list the value.

If you are using query_first then you should not have te message that it is a resource id.

well, i finally got a working piece of code! (curtesy of PHPbuilder.com). perhaps when u see my code, u will see how simple my question was in the first place. probably my fault, making it appear complicated.

Code:

//jfk
$forum_name="$pagetitle";

$query=("SELECT forumid FROM " . TABLE_PREFIX . "forum WHERE title='$forum_name'");
$result=mysql_query($query);
if( mysql_num_rows ($result)) //if it has a match from the database/table
{
$row=mysql_fetch_assoc($result);  //lets get that matched row's id, and create a link
$forum_link="<a href=\"/forums/forumdisplay.php?f=".$row["forumid"]."\">$forum_name&nbspForum</a>";
}
//end jfk

i now use the $var "$forum_link" whereever i want the link to appear. this is my hacked version of the code, perhaps u could suggest some tidying that would be more consistent with vbull?

[Marco van Herwaarden]

Not wrong, but not using teh vB coding standards and functions. Also, unless there is more code, you are not cleaning $forum_name before using it in a query, opening your board to SQL-Injections.

The "correct" vB way to do this:

PHP Code:

$forum_name="$pagetitle"; // <-- This need to be cleaned before using it in a query!!!!
$row = $db->query_first("SELECT forumid FROM " . TABLE_PREFIX . "forum WHERE title='$forum_name' LIMIT 1");
$forum_link="<a href=\"/forums/forumdisplay.php?f=".$row["forumid"]."\">$forum_name&nbspForum</a>"; 


[Dismounted]

Not really following vB Coding Standards there either, Marco .

PHP Code:

// "Comments should precede the code they describe, rather than following it."

// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;

// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
    SELECT forumid
    FROM " . TABLE_PREFIX . "forum
    WHERE title = $forum_name
    LIMIT 1
");

// "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
// "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
// "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
$forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . '&nbspForum</a>';

// This is also OK
$forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name&nbspForum</a>"; 


[jfk1]

oh! i started a fight! (just kidding)
it is very nice to have TWO distinguished coders helping me with my little problem!
i will study comments re quotes very carefully, as i know from experince how important those little jobbies can be!

--------------- Added [DATE]1225368751[/DATE] at [TIME]1225368751[/TIME] ---------------

with regard to "cleaning" $pagetitle. i am dropping this piece into an existing script, in which $pagetitle is preset... can i not assume that this is var is clean? this will not be introduced as an $input... or from a form etc...

--------------- Added [DATE]1225370809[/DATE] at [TIME]1225370809[/TIME] ---------------

Quote:

Originally Posted by Dismounted

Not really following vB Coding Standards there either, Marco .

PHP Code:

// "Comments should precede the code they describe, rather than following it."

// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;

// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
    SELECT forumid
    FROM " . TABLE_PREFIX . "forum
    WHERE title = $forum_name
    LIMIT 1
");

// "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
// "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
// "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
$forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . '&nbspForum</a>';

// This is also OK
$forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name&nbspForum</a>"; 


hmmm... this code produces "database error" without single quotes round $forum_name in the query

--------------- Added [DATE]1225371729[/DATE] at [TIME]1225371729[/TIME] ---------------

could i ask another question please?
this code (immediately above) doesnt have an "if" condition in it, as i previously had.... does this matter? what would happen it the query fails (no match in the db)?

[Dismounted]

Quote:

Originally Posted by jfk1

hmmm... this code produces "database error" without single quotes round $forum_name in the query

Overlooked that, sorry .

Quote:

Originally Posted by jfk1

could i ask another question please?
this code (immediately above) doesnt have an "if" condition in it, as i previously had.... does this matter? what would happen it the query fails (no match in the db)?

I only corrected Marco's code, but yes, you should check the data exists.

PHP Code:

// "Comments should precede the code they describe, rather than following it."

// "Variables should not be quoted if they do not need to be."
$forum_name = $pagetitle;

// Not necessary to separate into newlines if not long, but it looks better aesthetically.
$row = $db->query_first("
    SELECT forumid
    FROM " . TABLE_PREFIX . "forum
    WHERE title = '$forum_name'
    LIMIT 1
");

if (!empty($row))
{
    // "Strings should be quoted with single quotes if they contain no variables or control characters, otherwise use double quotes."
    // "The choice between using string evaluations or string additions is yours to make, depending upon the circumstances."
    // "Array keys should be quoted if they are strings or variables, even if you know that the variable evaluates to an integer. Quoting should follow the same rules as defined for string quoting."
    $forum_link = '<a href="/forums/forumdisplay.php?f=' . $row['forumid'] . '">' . $forum_name . '&nbspForum</a>';

    // This is also OK
    $forum_link = "<a href=\"/forums/forumdisplay.php?f=$row[forumid]\">$forum_name&nbspForum</a>";
} 


[jfk1]

thanx for reply (and amendment). could u comment on "cleaning" $pagetitle. am i correct in my assumption?

[Marco van Herwaarden]

Create Secure Mods

[jfk1]

Quote:

Originally Posted by Marco van Herwaarden

Create Secure Mods

thanx for reply, and for useful link. i am sure i will need this info in near future
regards

--------------- Added [DATE]1226095204[/DATE] at [TIME]1226095204[/TIME] ---------------

while i am here, would u like to comment on the following? this is the reciprocal link back to "page" from the forum

Code:

//jfk
$home_pageid = $forumTitle;

$page_link = '<a href="/index.php?pageid=' . $home_pageid . '">' . $home_pageid . '&nbspPage</a>';

//end jfk