
Working with intval?

Hello Peeps,

I’m trying to keep my data safe and clean in my database, so anything that I’m using with $_GET to retrieve a URL I want to make sure an int value is passed. I.e., say my URL was:

[B]page.php?news_id=123[/B]
The page would process fine

But if it was
[B]page.php?news_id=dodgycode[/B]

It would send the user away to an error page. However with my code below if

[B]page.php?news_id=dodgycode[/B]

Is entered it does not send the user to the error page. It simply outputs the message Unknown column ‘dodgycode’ in ‘where clause’?

Anyone help?

[code=php]
<?php
//* If the Value is an INT then continue…
if(intval($_GET['news_id'] == $_GET['news_id']) || ($_GET['news_id'] != 0)) {

    $SQL = "SELECT *from test where news_id= ".$_GET['news_id'];

    $result = mysql_query($SQL) OR die(mysql_error());

    $row = mysql_fetch_array($result);

    echo $headline = $row['headline'];
    echo $story = $row['story'];

} else {

    //* Otherwise appears to be something Dodgy here so get me out of here
    header("Location: take_me_to_error_page.php");
    exit;

}
?>
[/code]

@NogDog Oct 01.2010 — I would rewrite the if condition as:
[code=php]
if(!empty($_GET['news_id']) && intval($_GET['news_id'] == $_GET['news_id'])) {
[/code]

This way you first test that there even is a news_id and that it is not 0, then if so, make sure you got an integer.

@chrisb (author) Oct 01.2010 — Thanks notdog, but still have that same issue.

Say a user enters the URL as:

page.php?news_id=dodgycode

The code should chuck the user out to my error page, but it's not. I'm getting an [B]Unknown column 'dodgycode'[/B] message which the user should not get as at this point they should have been chucked straight to the else statement?

[code=php]
<?php
//* If the Value is an INT then continue...
if(!empty($_GET['news_id']) && intval($_GET['news_id'] == $_GET['news_id'])) {

$SQL = "SELECT *from test where news_id= ".$_GET['news_id'];

$result = mysql_query($SQL) OR die(mysql_error());

$row = mysql_fetch_array($result);

echo $headline = $row['headline'];
echo $story = $row['story'];

} else {

//* Otherwise appears to be something Dodgy here so get me out of here
header("Location: take_me_to_error_page.php");
exit;

}
?>
[/code]

@NogDog Oct 01.2010 — Upon further review, I think this will work better and be a bit cleaner:
[code=php]
if(!empty($_GET['news_id']) && ctype_digit($_GET['news_id'])) {
[/code]

@chrisb (author) Oct 01.2010 — Thanks!
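
Added example, not part of the thread and not the posters' code: in the posted condition the `==` sits inside `intval()`, so `intval()` receives the result of comparing the value with itself and the check passes for any non-empty string. The sketch below contrasts that with a strict check plus a bound parameter. The function names and sample rows are constructed, and PDO with in-memory SQLite is an assumption standing in for the thread's MySQL `test` table so the script runs offline.

```php
<?php
// Added example. posted_check(), parse_news_id(), fetch_story() and the
// sample row are constructed; SQLite in memory stands in for MySQL.

// The condition as posted: intval() is applied to the boolean result of
// ($raw == $raw), which is always true, so any non-empty value passes.
function posted_check(string $raw): bool
{
    return !empty($raw) && intval($raw == $raw);
}

// Strict check: must be a string of digits (rejects arrays from
// news_id[]=1, signs, spaces), then range-checked and converted to int.
function parse_news_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value is never concatenated into the SQL text.
function fetch_story(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT headline, story FROM test WHERE news_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (news_id INTEGER PRIMARY KEY, headline TEXT, story TEXT)');
$db->exec("INSERT INTO test VALUES (123, 'Sample headline', 'Sample story')");

// Constructed stand-ins for $_GET['news_id'] (null = parameter missing).
foreach (['123', 'dodgycode', '12abc', '0', '1 OR 1=1', null] as $raw) {
    $id  = parse_news_id($raw);
    $row = $id === null ? null : fetch_story($db, $id);
    printf(
        "%-12s posted_check=%-5s strict=%-5s %s\n",
        var_export($raw, true),
        var_export($raw !== null && posted_check($raw), true),
        var_export($id !== null, true),
        $row === null ? 'error page' : htmlspecialchars($row['headline'])
    );
}
```

In a real page the `error page` branch would be the `header("Location: ...")` and `exit` from the thread, and database errors would be logged rather than echoed with `die(mysql_error())`.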