Hmm, not entirely sure how to do this.. I have:

PHP:
    $location = '' . $details['location'] . '';
    $interests = '' . $details['interests'] . '';
    $about = '' . $details['about'] . '';

Basically, if any of those fields are empty, I want to display: field empty. Can anyone help?
1. Your double apostrophes make no sense. With two '' you are basically saying let's start a string with the first apostrophe ' and now let's stop the string right away with the second apostrophe. Might as well leave them.
2. The answer:

PHP:
    if (is_string($details['location'])) {
        $location = $details['location'];
    } else {
        $location = 'field empty';
    }
OK, I took your advice on the double apostrophes.

PHP:
    $location = $details['location'];
    if (is_string($details['location'])) {
        $location = $details['location'];
    } else {
        $location = 'field empty';
    }

But, when I go to someone's profile who doesn't have location filled in I still get blank instead of 'field empty'.
The 'issue' is what each value is. You can have "" which can be a string still, you can have true, false, a space etc. So my code didn't work probably because the is_string didn't evaluate correctly because even when empty the value was a string. I use a wrapper function that checks a value for being empty in all possible ways.
Oh ok, well thanks both of you. Would anyone be able to check over this code and tell me if there is any way I can make it better/optimize it and also if it's secure. Thanks.

PHP:
    <?php
    require_once ('global.php');
    require_once ('include/class_pagination.php');

    $getdetails = "SELECT * FROM `users` ".
                  "WHERE `username` = '" . mysql_real_escape_string(stripslashes(trim($_GET['user']))) . "'";
    $getdetailsresult = mysql_query($getdetails) or die(mysql_error());
    $getdetailscount = mysql_num_rows($getdetailsresult);

    if($getdetailscount == 0)
    {
        $message = "Sorry, we could not find the user " . mysql_real_escape_string(stripslashes(trim($_GET['user']))) . ".";
        $tpl->output_page ('error');
    }
    else
    {
        $details = mysql_fetch_array($getdetailsresult);
        $title = $details['username'] . "'s profile";

        foreach ($details as $key => $value) {
            if ($value == "") {
                $details[$key] = "Unknown";
            }
        }

        $username = $details['username'];
        $location = $details['location'];
        $interests = $details['interests'];
        $about = $details['about'];

        $favorites = "SELECT * FROM `favorites` WHERE `user_id` = '" . $details['user_id']. "' ORDER BY rand()";
        $favoritesresult = mysql_query($favorites) or die(mysql_error());
        $favoritescount = mysql_num_rows($favoritesresult);

        while($favorite = mysql_fetch_array($favoritesresult)){
            $getitle = "SELECT `title`, `filename`, `description`, `views`, `added` FROM `files` WHERE `file_id` = '" . $favorite['file_id'] . "'";
            $getitleresult = mysql_query($getitle) or die(mysql_error());
            $titles = mysql_fetch_array($getitleresult);
            $favourite['one'] = '<a href="http://www.boredombase.com/file/' . $favorite['file_id'] . '-' . str_replace(' ', '-', strtolower($titles['title'])) . '.html">' . $titles['title'] . '</a><br />';
        }
        {
            if ($favourite == "") {
                $favourite['one'] = "User has no favourites selected!";
            }
        }
        $tpl->output_page ('profilebit');
    }
    ?>
Your indentation is 'creative' the way you tab in for each line. In your bottom while loop, you pull all of the user favorites but you only record one. Also, you're not stripping out all of the necessary things when you use the $titles['title'] in the URL. I'd also remove / and " and ' and & (create a function).
yeah you should, you should also be checking this data before you insert into a database:

PHP:
    $text = "The cow jumped over the moon";
    echo str_replace(array("The", "cow"), array("10", "dogs"), $text);

will get you out of writing functions for cleanups, although they are a good thing to have around and it'll save you some time eventually. Also, there's a huge difference between helping you with your projects and writing them for you, no one is saying anything that isn't said commonly about interacting with php / forms / mysql, so just assume it's a good idea to apply every security tactic ever mentioned to every single line of code you ever write.... I can't see any security issues jump out @ me no.....except for ^^^
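An added example, not part of the original thread or any poster's code: the profile lookup reviewed above with a bound parameter instead of string concatenation, HTML-escaped output, an allow-list slug for the URL, and every favorite collected instead of only the last. The helper names `e`, `slug` and `favorite_links` are hypothetical, and a constructed in-memory SQLite database (needs the pdo_sqlite extension) stands in for the thread's MySQL tables.

```php
<?php
// Constructed schema and rows; SQLite in memory stands in for the thread's MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, location TEXT)");
$db->exec("CREATE TABLE files (file_id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("CREATE TABLE favorites (user_id INTEGER, file_id INTEGER)");
$db->exec("INSERT INTO users VALUES (1, 'alice', '')");
$db->exec("INSERT INTO files VALUES (10, 'Tom & Jerry''s \"Best\" 1/2'), (11, '<b>Bold</b> Game')");
$db->exec("INSERT INTO favorites VALUES (1, 10), (1, 11)");

// Hypothetical helper: escape a value for an HTML text node or quoted attribute.
function e($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

function slug($title) {
    // Allow-list: every run of characters outside a-z and 0-9 becomes one hyphen,
    // which covers / " ' & and anything else not thought of in advance.
    $s = preg_replace('/[^a-z0-9]+/', '-', strtolower($title));
    return trim($s, '-');
}

function favorite_links(PDO $db, $username) {
    // The username is bound, never concatenated; one JOIN replaces a query per row.
    $stmt = $db->prepare(
        'SELECT f.file_id, f.title FROM users u
           JOIN favorites fav ON fav.user_id = u.user_id
           JOIN files f ON f.file_id = fav.file_id
          WHERE u.username = ? ORDER BY f.file_id');
    $stmt->execute([$username]);
    $links = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $links[] = sprintf('<a href="http://www.boredombase.com/file/%d-%s.html">%s</a>',
            $row['file_id'], slug($row['title']), e($row['title']));
    }
    return $links; // all favorites, in a list the template can loop over
}

print_r(favorite_links($db, 'alice'));
// Text echoed back into a page is HTML-escaped; SQL escaping does nothing for HTML.
echo 'Sorry, we could not find the user ' . e('<i>nobody</i>') . ".\n";
```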
The best way is this: when you do something, php checks if it worked or not. So it tells you if it's blank or not.
It most certainly is php5 compliant. Every language needs operators at its core, they aren't going anywhere.
If you check for the existence of a variable that does not exist and turn error reporting to E_ALL you will get Notice: Undefined index: variable in... Why not use isset and be proper?
There's a difference between a variable being set and a variable being true/false... and such a large difference it's strange to see them being mixed up like this.

PHP:
    $nothing = ''; // set and false
    $something = 'pies'; // set and true
    if ( $chicken ) { // not set (implies false but generates notice if you try to use it)
        echo 'chicken';
    }

A good method is combining the isset and the true conditionals into one statement.. if it's not set, the isset() will evaluate to false so the second part (true/false) isn't checked - therefore you're not using an undefined variable and you don't need to nest your if statements.

PHP:
    // if you haven't already set the variable (eg you're checking a GET/POST var)
    if ( ! isset($_GET['cheese']) || ! $_GET['cheese'] ) {
        echo 'no cheese!';
    }
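An added example, not code from any poster in this thread: one way to write the "field empty" wrapper the thread asks for, combining the isset check with an explicit comparison so that a missing key raises no notice and the string "0" is not mistaken for empty. The function name `field_or_default` and the sample row are hypothetical.

```php
<?php
// Hypothetical helper: returns the trimmed value of $key in $row, or $default
// when the key is missing, null, not a scalar, or blank after trimming.
function field_or_default(array $row, $key, $default = 'field empty') {
    if (!isset($row[$key]) || !is_scalar($row[$key])) {
        return $default;    // unset, null, or an array such as ?user[]=x in $_GET
    }
    $value = trim((string) $row[$key]);
    // Compare against '' instead of testing !$value: the string "0" is falsy
    // in PHP and a plain truth test would report it as empty.
    return $value === '' ? $default : $value;
}

// Constructed sample row, shaped like the thread's $details array.
$details = ['location' => '', 'interests' => '   ', 'about' => '0', 'age' => null];
foreach (['location', 'interests', 'about', 'age', 'missing'] as $k) {
    printf("%-9s => %s\n", $k, field_or_default($details, $k));
}
```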