if statment and redirect problem

[mattm1712]

hi i am trying to count the number of clicks to an external link this is what i have come up with but it doesnt redirect but the if statment doesnt work properly because every time i click a link it always echos hello saying $add is not numeric when it is????

 

please help

 

 

 

<html>

<a href="index.php?add=1">Gamerforums</a><br>

<a href="index.php?add=2">Google</a><br>

<a href="index.php?add=3">Ebay</a><br>

<a href="index.php?add=4">Paypal</a><br>

 

<?php

$add = $_GET['add'];

include 'connect.inc';

if (is_numeric($add))

{

mysql_query("UPDATE count SET clicks=clicks+1 WHERE id='$add'");

$result = mysql_query("SELECT * FROM count WHERE id='$add'");

$row = mysql_fetch_assoc($result);

$url= $row;

header ("Location: $url");

}

else

{

echo "hello";

}

?>

</html>

[mattm1712]

sorry sorted now was a database problem

[chintansshah]

Please write exit(); after header ("Location: $url");

 

 

[rwwd]

And PLEASE sanitise your incoming data, you could have your database wiped with a couple of keystrokes if you leave it like that; ALWAYS sanitise $_GET and $_POST data, if you don't your hard work can be at risk!

 

And I wouldn't use is_numeric() as this is a very loose function as it lets hex chars through, personally I would switch to preg_match() that way you can just make the pattern accept EXPLICITLY digits only, and (not sure about this, but I am always coding safer than sorry) I would type cast the incoming $_GET because I think (though I may well be wrong) like $_POST; $_GET's are technically strings... Using type casting makes the 'forces' the digit to be whole, so it wouldn't let floats through.. I used this method when I did my pagination class a few years back, still works, still solid...

 

And yes, exit; after the header; call, kills the script as there is nothing else to execute after the header, else there wouldn't be a header call!

 

Rw