Looking for a simpler way to do this...
6 posts by 3 authors in: Forums > CMS Builder
Last Post: May 14, 2010
By zip222 - May 12, 2010
if($section=="about_us") {
list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => 'about_us=1',
));
}
But I would like to do something like this...
list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => '$section=1',
));
The where statement in the bottom code doesn't work.
Re: [zip222] Looking for a simpler way to do this...
By Chris - May 13, 2010
PHP doesn't replace variables in single-quoted strings, so you'll need to change your quotes to double-quotes:
'where' => "$section=1",
Does that help?
Please be very careful about where $section comes from. If you're getting it from the $_REQUEST, you'll want to do some sanity checking on it before inserting it into SQL to avoid SQL injection attacks. If you'd like some help with this, please post a little more of your page and I can show you how to keep things safe.
If you have any questions, please let me know.
Chris
Re: [chris] Looking for a simpler way to do this...
By zip222 - May 14, 2010
What I am doing is part of an include....
In the main file:
<?php
$section == "sectionnamegoeshere";
include ("includefile.inc.php");
?>
And then in the include file:
list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => "$section=1",
));
Does this present any issues?
Re: [zip222] Looking for a simpler way to do this...
By Jason - May 14, 2010
This shouldn't present an issue, but there may be a few things you want to change just to be safe.
First, you'll need to change where you're getting your $section variable from this:
$section == "sectionnamegoeshere";
to this:
$section = "sectionnamegoeshere";
You only want to use the 1 "=" when assigning a value.
Second, change where you're getting your records to this:
list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => mysql_escape($section)."=1",
));
This will ensure there is no malicious code hidden in your $section variable. This is just to be safe.
Hope this helps.
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
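An allow-list check for the column name carried in $section, as an added example that is not part of the original thread or of CMS Builder. String escaping protects quoted values, but here $section is used as an unquoted column name, so the check compares it against a fixed list of known columns instead. The helper name sectionWhere() and the column names other than about_us are assumptions.

```php
<?php
// Added example (not from the thread). sectionWhere() is a hypothetical
// helper, and the column names other than about_us are hypothetical.

const SIDEBAR_SECTION_COLUMNS = ['about_us', 'products', 'contact'];

/**
 * Return a WHERE fragment such as "`about_us` = 1" for a known checkbox column.
 * Throws InvalidArgumentException if $section is not an allowed column name.
 */
function sectionWhere($section, array $allowed = SIDEBAR_SECTION_COLUMNS): string
{
    // Strict comparison: no type juggling, and arrays or null (which a
    // request parameter can produce) are rejected as well.
    if (!is_string($section) || !in_array($section, $allowed, true)) {
        throw new InvalidArgumentException('Unknown section');
    }
    // $section now equals one of our own literals, so it can be used
    // as an identifier in the query.
    return "`$section` = 1";
}

// Constructed sample inputs: two valid names, then values that must be refused.
$samples = ['about_us', 'products', 'about_us=1 OR 1', ['about_us'], ''];

foreach ($samples as $input) {
    try {
        $where = sectionWhere($input);
        // In the include file the result would be passed on as:
        //   getRecords(array('tableName' => 'sidebar_features', 'where' => $where))
        echo "accepted: $where\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . json_encode($input) . "\n";
    }
}
```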
Re: [Jason] Looking for a simpler way to do this...
By zip222 - May 14, 2010
The two equal signs were just a typo :)
Re: [zip222] Looking for a simpler way to do this...
By Jason - May 14, 2010