开发者

Validating $_GET

问答 作者:

How do i validate $_GET thats the number coming from correct source.

My url look like : index.php?page=items&catID=5

When users put something like 3 which is doesn't exist on catID. I want it to display error message.

$catID = intval($_GET["catID"]);

if($catID) {
    $checkSQL = mysql_query("SELECT * FROM cate开发者_C百科gory WHERE category_type='2'");
    while($checkROW = mysql_fetch_array($checkSQL)) {
    $checkCAT != $checkROW["categoryID"];
    echo "err msg";
    }

This i can come up so far but it doesn't working as it fire error msg even in correct page.

Thank you

wallk makes a good point, there is a missing if. but if i read this correctly, wouldn't something along the lines of this be more what you are going for? Right now the line:

if($catID) {

is actually only checking if catID (or, catID from the $_GET) is non-zero (not false). My guess if you are looking to check if catID is the categoryID returned from SQL?

$catID = intval($_GET["catID"]);

checkcat($catID);

function checkcat($check_category) {
    $checkSQL = mysql_query("SELECT * FROM category WHERE category_type='2'");
    while($checkROW = mysql_fetch_array($checkSQL)) {
        if ( $check_category != $checkROW["categoryID"] ) {
            echo "err msg";
        } else { 
            echo "not an error message";
        }
    }
}

Expounding on what you are looking for, how about something like this then?

$catID = ($_GET["catID");

if ( !is_numeric($catID) ) {
    echo "Not a numeric category!"
} else {
    $checkSQLQuery = "SELECT * FROM category WHERE categoryID = '{$catID}' AND category_type='2'"
    $resultSQL = mysql_query($checkSQLQuery, $db);
    /* NOTE!:  Guessing on what your database resouce 
    pointer is - it isn't included in the origin snippet.
    Although, the last opened should be used by default if 
    this is left out. */
    if ( mysql_num_rows($resultSQL) < 1 ) {
        echo "Error message, category ID not found" 
    } else {
        echo "Found it!"
    }
}

Oh, I see. The first line inside the while loop should have an "if":

    while ($checkROW = mysql_fetch_array($checkSQL)) {
        if ($checkCAT != $checkROW["categoryID"])
            echo "err msg";

It looks like you'll be wanting to use mysql_fetch_assoc(), rather than mysql_fetch_array().

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9