  1. #1
    New Coder
    Join Date
    Nov 2010
    Posts
    10
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Problems with if statements

    Sorry for making another thread, but I am also having problems with some if else statements. Maybe you can take a gander and tell me if you see anything wrong:

    PHP Code:
    <?php
    /* See if variables are in URL, substitute if not */
    if (count($_GET["sortby"]) <= 0)
        $sortby = "last";
    else
        $sortby = $_GET['sortby'];

    if (count($_GET["order"]) <= 0)
        $order = "ASC";
    else
        $order = "DESC";

    /* Apply sorting before display */
    mysql_select_db($database_ballot, $ballot);
    $query = "SELECT * FROM votes ORDER BY $sortby $order";
    $query2 = "SELECT * FROM votes";
    $result = mysql_query($query);
    $result2 = mysql_query($query2);
    $num = mysql_numrows($result2);

    /* Apply order to link that is displayed */
    if ($order == "ASC")
    {
        echo('<a href="index.php?sortby=first&order=DESC"><strong>First Name:</strong></a>');
    }
    elseif ($order == "DESC")
    {
        echo('<a href="index.php?sortby=first&order=ASC"><strong>First Name:</strong></a>');
    }
    else
    {
        echo('error');
    }
    /* More links follow below, not repeated for the sake of space */
    ?>
    So essentially, I have a page that displays MySQL results in a table. They display in a certain order according to the variables in the URL. It displays them just fine when there are variables in the URL, however it will not apply a value to it when it's just the index.php. So Problem #1, I cannot get it to display by default the last name ascending. Problem #2, for the links I can go to the index without variables, click on the link, with it being DESC, while the URL var is DESC it will be the ASC link, I click it again and the link is ASC from then out while the URL var is ASC.

    Thanks again
    Last edited by redfox; 11-26-2010 at 05:00 PM.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,502
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    I'm not sure what "count" is doing for your $_GET variables ...
    But assign a default before you $_GET any.

    PHP Code:
    <?php

    // default values
    $sortby = "first";
    $order = "ASC";

    /* GET URL variables, if any */
    if ($_GET['sortby']) {
        $sortby = $_GET['sortby'];
    }
    if ($_GET['order']) {
        $order = $_GET['order'];
    }

    // rest of your script here ...

    ?>

    EDIT:
    I should add this, because it's important ...

    You are letting the user input things into your query without sanitizing anything.
    That's a security issue (as with SQL injections).

    I suggest you use codes instead ... so the user doesn't have control over them.
    Never let a user input anything directly into a MySQL query. Either do this:
    http://php.net/manual/en/function.my...ape-string.php

    or, use some codes like shown below ... where only you determine what goes into the query.

    Like this:

    echo('<a href="index.php?sortby=1&order=1"><strong>First Name:</strong></a>');

    Then, you define what the codes are ....
    PHP Code:
    <?php

    /* GET URL variables, if any */
    if ($_GET['sortby']) {
        $s = $_GET['sortby'];
    }
    if ($_GET['order']) {
        $o = $_GET['order'];
    }

    // Map the numeric codes to column names; anything else keeps the default
    $sortby = "first";
    if ($s == 2) {
        $sortby = "last";
    }
    if ($s == 3) {
        $sortby = "email";
    }
    if ($s == 4) {
        $sortby = "phone";
    }

    $order = "ASC";
    if ($o == 2) {
        $order = "DESC";
    }

    // rest of your script here ...

    ?>



    .
    Last edited by mlseim; 11-26-2010 at 06:09 PM.

  • Users who have thanked mlseim for this post:

    redfox (11-26-2010)
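
The allow-list idea from post #2, as an added example that is not code from either poster: request values are only ever compared against fixed lists, so nothing from the URL is interpolated into the `ORDER BY` clause, and missing or array-valued parameters fall back to defaults without notices. The column names come from the thread; the helper names `resolve_sort()` and `sort_link()` and the sample requests are hypothetical.

```php
<?php
// Allowed ORDER BY columns (names taken from the thread) and directions.
const SORT_COLUMNS = ['first', 'last', 'email', 'phone'];
const SORT_ORDERS  = ['ASC', 'DESC'];

/**
 * Resolve request parameters to a safe column/direction pair.
 * Anything missing, array-valued (?sortby[]=x) or not on the allow-list
 * falls back to the default, so request data never reaches the SQL text.
 */
function resolve_sort(array $get, $defaultColumn = 'last', $defaultOrder = 'ASC')
{
    $column = isset($get['sortby']) && is_string($get['sortby']) ? $get['sortby'] : '';
    $order  = isset($get['order']) && is_string($get['order']) ? strtoupper($get['order']) : '';

    // Strict in_array(): exact string match only, no loose comparison.
    if (!in_array($column, SORT_COLUMNS, true)) {
        $column = $defaultColumn;
    }
    if (!in_array($order, SORT_ORDERS, true)) {
        $order = $defaultOrder;
    }
    return [$column, $order];
}

/** Header link for $column; flips the direction when $column is the active sort. */
function sort_link($label, $column, $activeColumn, $activeOrder)
{
    $next = ($column === $activeColumn && $activeOrder === 'ASC') ? 'DESC' : 'ASC';
    $href = 'index.php?' . http_build_query(['sortby' => $column, 'order' => $next]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '"><strong>'
         . htmlspecialchars($label, ENT_QUOTES) . '</strong></a>';
}

// Constructed sample requests standing in for $_GET.
$samples = [
    [],                                               // plain index.php, no variables
    ['sortby' => 'first', 'order' => 'desc'],         // valid, lower-case direction
    ['sortby' => 'not_a_column', 'order' => 'ASC'],   // column not on the allow-list
    ['sortby' => ['first'], 'order' => 'sideways'],   // array value, unknown direction
];
foreach ($samples as $get) {
    list($column, $order) = resolve_sort($get);
    // Only allow-listed literals are interpolated into the query text.
    $query = "SELECT * FROM votes ORDER BY `$column` $order";
    echo $query, "\n", sort_link('First Name:', 'first', $column, $order), "\n\n";
}
```

String escaping only protects values placed inside quoted literals; `$sortby` and `$order` are used as an identifier and a keyword, which is why the check here is a fixed list.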

  • #3
    New Coder
    Join Date
    Nov 2010
    Posts
    10
    Thanks
    2
    Thanked 0 Times in 0 Posts
    With your bit of code, I was still getting a myriad of notices when no variables were in the URL, however I just said to heck with it and turned off the notices. haha. Thanks for your help!

    Also about the SQL injections, it is basically going to be something for my school and these were going to be shown in an authentication-protected admin panel, so I wasn't too worried, but once again, thanks for the advice!

