If Statements

[Manny]

I currently have the code shown below, basically what it does is takes a number, if it is left blank, less than 1 or greater than the number of rows in my database table it will redirect to the "notfound.php" page.However, if somebody types any other character than a number, the page displays but without the content I want.What do I need to add to my statement to make sure that only integers work, anything else will redirect it to the "notfound.php" page.

$id = $_GET["id"];if ($id == "" || $id < 1 || $id > mysql_num_rows($result)) { header( 'Location: notfound.php' ) ; }

Thanks

[jeffman]

I haven't tested it, but it looks okay.

$id = $_GET["id"];if (	 empty($id)		 || !is_int($id)			|| $id < 1 			   || $id > mysql_num_rows($result))	 {		 header( 'Location: notfound.php' );	 }

[jhecht]

$id = (isset($_GET['id'])) ? $_GET['id'] : false;//on some servers if id isn't in the query string, you'll get a "warning:undefind index," which gets really annoying.if(!is_numeric($id) || $id < mysql_num_rows($result) || $id < 1) header('location:notfound.php');I use is_numeric because i tried is_int awhile back numbers that were integers (1,2,3,4 etc) and everytime it would say that they weren't integers, however, is_numeric does it correctly. Maybe it'll be different for you, but i use is_numeric from past experiences. maybe it was a bug fix, I haven't tried it as of PHP5.

[Manny]

Thanks for the replies guys, Deirdre's doesn't seem to work, everything was redirecting for some reason.However, Jhecht's solution did work, just one thing needed to be changed and that was the < before mysql_num_rows, it's supposed to be >Thanks for the help, much appreciated.

[jeffman]

Oops

[Manny]

Right, I'm now trying to get this to work on a fully working webpage, so that if the $id isn't present in the database it will redirect to a not found page.Here is my code

<? $id = (isset($_GET['id'])) ? $_GET['id'] : false; \\Connect$dbname="database";$dbselectok = mysql_select_db($dbname,$connection) or die("Couldn't select database.");$sqlstatement = "SELECT * FROM `search` WHERE `ID` = '$id'";$sql_result = mysql_query($sqlstatement,$connection) or die("<BR /><BR /><span class=\"c3\">Page could not be displayed.</span>");//variableswhile ($row = mysql_fetch_array($sql_result)){$article = $row["ID"];$date = $row["Date"];$titleno = $row["Title"];$link = $row["Link"];$description = $row["Description"];$keywords = $row["Keywords"];$image = $row["Image"];$thumb = $row["Thumb"];$imagetitle = $row["Image Title"];$story = $row["Story"];$relatedlinks = $row["Related Links"];\\CONTENT}?>\\STATIC CONTENT MADE USING HTML</div></body></html>\\Disconnect

I just don't know where to put the code (below) without bringing up an error message saying the headers have already been sent.

if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');

[jhecht]

You can't have the HTML outputted before a redirect You can try to use ob_start(), but i don't know if it'll work like that. You should download a template class to keep your PHP and HTML separate.

[Manny]

Nope, can't get it working.I've tried taking the "or die" out of the SQL commands and also taken the HTML out after the PHP tags have closed. Also tried putting the if statement in different places and just keep getting errors.

[jeffman]

The output we're talking about can be as simple as one blank space or one newline. It doesn't have to be inside the HTML tags. It just has to be outside the PHP tags, and specifically before the tags containing the header command.

[Manny]

Right, I am now working off the code below. The redirection works if the $id isn't found in the database, but if it is I just get a blank white screen. Any ideas what is missing?

<?php$id = (isset($_GET['id'])) ? $_GET['id'] : false;$con = mysql_connect("localhost", "burndena_username", "password");$db_selected = mysql_select_db("database",$con);$sql = "SELECT * FROM search";$result = mysql_query($sql,$con);if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');file_get_contents('http://www.burndenaces.co.uk/news/article.php?id=$id');mysql_close($con);?>

[Manny]

Aswell as the code shown in my previous post, I also have the following code, which has changed from the file_get_contents to another header redirect. But still doesn't work.

<?php$id = (isset($_GET['id'])) ? $_GET['id'] : false;$con = mysql_connect("localhost", "username", "password");$db_selected = mysql_select_db("database",$con);$sql = "SELECT * FROM search";$result = mysql_query($sql,$con);if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');header('location:article.php?id=$id');mysql_close($con);?>

[Manny]

I seem to have solved my problem by executing a PHP include instead of trying to redirect.Here is the code that fully works.

<?php$id = (isset($_GET['id'])) ? $_GET['id'] : false;$con = mysql_connect("localhost", "username", "password");$db_selected = mysql_select_db("database",$con);$sql = "SELECT * FROM search";$result = mysql_query($sql,$con);if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');include "http://www.burndenaces.co.uk/news/article.php?id=$id";mysql_close($con);?>