Jump to content

If Statements


Manny
 Share

Recommended Posts

I currently have the code shown below, basically what it does is takes a number, if it is left blank, less than 1 or greater than the number of rows in my database table it will redirect to the "notfound.php" page.However, if somebody types any other character than a number, the page displays but without the content I want.What do I need to add to my statement to make sure that only integers work, anything else will redirect it to the "notfound.php" page.

$id = $_GET["id"];if ($id == "" || $id < 1 || $id > mysql_num_rows($result)) { header( 'Location: notfound.php' ) ; }
Thanks
Link to comment
Share on other sites

$id = (isset($_GET['id'])) ? $_GET['id'] : false;//on some servers if id isn't in the query string, you'll get a "warning:undefind index," which gets really annoying.if(!is_numeric($id) || $id < mysql_num_rows($result) || $id < 1) header('location:notfound.php');I use is_numeric because i tried is_int awhile back numbers that were integers (1,2,3,4 etc) and everytime it would say that they weren't integers, however, is_numeric does it correctly. Maybe it'll be different for you, but i use is_numeric from past experiences. maybe it was a bug fix, I haven't tried it as of PHP5.

Link to comment
Share on other sites

Thanks for the replies guys, Deirdre's doesn't seem to work, everything was redirecting for some reason.However, Jhecht's solution did work, just one thing needed to be changed and that was the < before mysql_num_rows, it's supposed to be >Thanks for the help, much appreciated. :)

Link to comment
Share on other sites

Right, I'm now trying to get this to work on a fully working webpage, so that if the $id isn't present in the database it will redirect to a not found page.Here is my code

<? $id = (isset($_GET['id'])) ? $_GET['id'] : false; \\Connect$dbname="database";$dbselectok = mysql_select_db($dbname,$connection) or die("Couldn't select database.");$sqlstatement = "SELECT * FROM `search` WHERE `ID` = '$id'";$sql_result = mysql_query($sqlstatement,$connection) or die("<BR /><BR /><span class=\"c3\">Page could not be displayed.</span>");//variableswhile ($row = mysql_fetch_array($sql_result)){$article = $row["ID"];$date = $row["Date"];$titleno = $row["Title"];$link = $row["Link"];$description = $row["Description"];$keywords = $row["Keywords"];$image = $row["Image"];$thumb = $row["Thumb"];$imagetitle = $row["Image Title"];$story = $row["Story"];$relatedlinks = $row["Related Links"];\\CONTENT}?>\\STATIC CONTENT MADE USING HTML</div></body></html>\\Disconnect
I just don't know where to put the code (below) without bringing up an error message saying the headers have already been sent.
if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');
Link to comment
Share on other sites

You can't have the HTML outputted before a redirect You can try to use ob_start(), but i don't know if it'll work like that. You should download a template class to keep your PHP and HTML separate.

Link to comment
Share on other sites

Nope, can't get it working.I've tried taking the "or die" out of the SQL commands and also taken the HTML out after the PHP tags have closed. Also tried putting the if statement in different places and just keep getting errors.

Link to comment
Share on other sites

The output we're talking about can be as simple as one blank space or one newline. It doesn't have to be inside the HTML tags. It just has to be outside the PHP tags, and specifically before the tags containing the header command.

Link to comment
Share on other sites

Right, I am now working off the code below. The redirection works if the $id isn't found in the database, but if it is I just get a blank white screen. Any ideas what is missing?

<?php$id = (isset($_GET['id'])) ? $_GET['id'] : false;$con = mysql_connect("localhost", "burndena_username", "password");$db_selected = mysql_select_db("database",$con);$sql = "SELECT * FROM search";$result = mysql_query($sql,$con);if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');file_get_contents('http://www.burndenaces.co.uk/news/article.php?id=$id');mysql_close($con);?>
Link to comment
Share on other sites

Aswell as the code shown in my previous post, I also have the following code, which has changed from the file_get_contents to another header redirect. But still doesn't work.

<?php$id = (isset($_GET['id'])) ? $_GET['id'] : false;$con = mysql_connect("localhost", "username", "password");$db_selected = mysql_select_db("database",$con);$sql = "SELECT * FROM search";$result = mysql_query($sql,$con);if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');header('location:article.php?id=$id');mysql_close($con);?>
Link to comment
Share on other sites

I seem to have solved my problem by executing a PHP include instead of trying to redirect.Here is the code that fully works.

<?php$id = (isset($_GET['id'])) ? $_GET['id'] : false;$con = mysql_connect("localhost", "username", "password");$db_selected = mysql_select_db("database",$con);$sql = "SELECT * FROM search";$result = mysql_query($sql,$con);if(!is_numeric($id) || $id > mysql_num_rows($result) || $id < 1) header('location:notfound.php');include "http://www.burndenaces.co.uk/news/article.php?id=$id";mysql_close($con);?>

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...