Jump to content

Please help me oh yee magical programming masters :)

kac001

By kac001
in PHP Coding Help

 Share

Recommended Posts

kac001 Newbie

kac001

Posted
Posted

Okay... so I am loading some content into my page from the database... I know how to do this normally... but here is the sticking point... I want to load the content from one of 5 options (so there are multiple pages with 5 different options for body copy) depending on what the value of the cookie is...

 

Here is what I tried, but it did not work:

 

//Determin which page ID to use in our query ----------------------------------------------------------------------------------------------
if (!$_GET['pid']){
$pageid = '1';	
} else {
$pageid = $_GET['pid'];
}
//Query the Main Content and Titles for the proper page ---------------------------------------------------------------------------------------------
$sqlCommand="SELECT process_mainContent_vers1, process_mainContent_vers2, process_mainContent_vers3, process_mainContent_vers4, process_mainContent_vers5, process_pagetitle FROM pages_process WHERE process_id='$pageid' LIMIT 1";
$query=mysqli_query($myConnection, $sqlCommand) or die (mysql_error());
$body = '';
$title = '';
while ($row = mysqli_fetch_array($query))
{
if (isset($_COOKIE['career_status']))
{
	$carreerStatus = ($_COOKIE['career_status']);

	if ($carreerStatus=="Starting Residency/Graduating Medical School")
		$body = $row["process_mainContent_vers1"];

	if ($carreerStatus=="Ending Residency/Starting Fellowship")	
		$body = $row["process_mainContent_vers2"];

	if ($carreerStatus=="Practicing Physician")
		$body = $row["process_mainContent_vers3"];

	if ($carreerStatus=="Practicing Physician")
		$body = $row["process_mainContent_vers4"];

	if ($carreerStatus=="Hospital/Practice Administrator")
		$body = $row["process_mainContent_vers5"];
}
else
{
	$carreerStatus = ($_SESSION['career_status']);

	if ($carreerStatus=="Starting Residency/Graduating Medical School")
		$body = $row["process_mainContent_vers1"];

	if ($carreerStatus=="Ending Residency/Starting Fellowship")	
		$body = $row["process_mainContent_vers2"];

	if ($carreerStatus=="Practicing Physician")
		$body = $row["process_mainContent_vers3"];

	if ($carreerStatus=="Practicing Physician")
		$body = $row["process_mainContent_vers4"];

	if ($carreerStatus=="Hospital/Practice Administrator")
		$body = $row["process_mainContent_vers5"];
}

$title = $row["process_pagetitle"];
}
mysqli_free_result($query);
//-----------------------------------------------------------------------------------------------------------------------------------------

Link to comment
Share on other sites
dadamssg Advanced Member

dadamssg

Posted
Posted

i would change the very first part to this...for sql injection reasons

 

if (!$_GET['pid']){

$pageid = '1';

} else{

           $pageid = (int) $_GET['pid'];
           if($pageid == 0)
            {
                $pageid = "1";
            }
          
}

 

So if they do write letters/words in that parameter this would convert it to 0 and then set it to 1

Link to comment
Share on other sites
kac001 Newbie

kac001

Posted
  • Author
Posted

i would change the very first part to this...for sql injection reasons

 

if (!$_GET['pid']){

$pageid = '1';

} else{

           $pageid = (int) $_GET['pid'];
           if($pageid == 0)
            {
                $pageid = "1";
            }
          
}

 

So if they do write letters/words in that parameter this would convert it to 0 and then set it to 1

 

 

okay... good idea and all, but what does that do as far as resolving my actual problem?

 

Thanks anyway :)

 

I just hope another person actually addresses what I am trying to do...  :D

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

You should start by seeing if the cookie or session vars actually hold the data you're trying to use in the conditionals (might consider making those into switch statements instead, too). Add this code at the head of the script and see what data you actually have coming in.

 

echo '<pre>';
echo 'Cookie Data:';
print_r($_COOKIE);
echo 'Session Data:';
print_r($SESSION);
echo '</pre>'

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

The problem with intval() against a form value is that all form values are, by default, strings. So it's kind of a crap shoot to assign the intval() of a string to a variable that needs to be an integer without validating it. I don't know if there's an advantage in processing overhead, or if it's technically right or wrong, but I normally do this for a value that's expected to be an integer.

 

if( !empty($_POST['int_field']) && ctype_digit($_POST['int_field']) ) {
     $int_var = (int) $_POST['int_field'];
}

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

You should start by seeing if the cookie or session vars actually hold the data you're trying to use in the conditionals (might consider making those into switch statements instead, too). Add this code at the head of the script and see what data you actually have coming in.

 

echo '<pre>';
echo 'Cookie Data:';
print_r($_COOKIE);
echo 'Session Data:';
print_r($SESSION);
echo '</pre>'

 

I just noticed I have a typo in there. $SESSION needs to be $_SESSION . . .

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.