Hi y'all, I can't seem to get the two of these statements to work together (without an error in the error log). if (isset($_GET["page"])){ $page=$_GET["page"]; } if($page == "") { $page=1; } The code works, but issues a warning (on my home server). I've gotten rid of the rest of the warnings one way or another. I want to include the if($page =='') ... in the if(isset($_GET )... part. The error complains about $page being an undefined variable. Thanks.
That's because $page is only defined if $_GET['page'] is set. You can put all of that into one line. $page=(isset($_GET['page']))?$_GET['page']:1; PHP:
The problem is that the varible $page is not set before you are using it in "if($page == "")"... I'm not exactly sure on what you're trying to do. But setting $page = ''; at the top of the script would remove this error. IE: $page = ''; if (isset($_GET["page"])){ $page=$_GET["page"]; } if($page == "") { $page=1; } PHP: I'm not 100% sure that I understand what you're trying to accomplish, but this seems appropriate: $page = ''; if (isset($_GET["page"])){ $page=$_GET["page"]; } else { $page = 1; } PHP: One thing I would do is to cast $_GET['page'] to an integer assuming that it is a number, to prevent any script injection. $page = ''; if (isset($_GET["page"])){ $page=(int)$_GET["page"]; } else { $page = 1; } PHP:
Hi, Thanks for the input, but the problem still exists (or maybe I know it's worse). The script is for pagination and is supposed to get its input from http://localhost/search.php?page=2&SearchString=test (2nd page of results). Testing injection, I replaced page=2 with page= (or %20) and I get an SQL syntax error. I guess what I need to do is filter page before this point to make sure %20 (space) never gets in.
Ok, just declaring it before the get statement (as suggested) fixed the error (on my local machine). Thanks for the direction, and the casting suggestion. Always a good idea. Thanks guys. =)