Looking for a simpler way to do this...

6 posts by 3 authors in: Forums > CMS Builder
Last Post: May 14, 2010   (RSS)

By zip222 - May 12, 2010

I currently have this (note bold text)...

if($section=="about_us") {
list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => 'about_us=1',
));
}




but I would like to do something like this...

list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => '$section=1',
));


the where statement in the bottom code doesn't work.

Re: [zip222] Looking for a simpler way to do this...

By Chris - May 13, 2010

Hi zip222,

PHP doesn't replace variables in single-quoted strings, so you'll need to change your quotes to double-quotes:

'where' => "$section=1",

Does that help?

Please be very careful about where $section comes from. If you're getting it from the $_REQUEST, you'll want to do some sanity checking on it before inserting it into SQL to avoid SQL injection attacks. If you'd like some help with this, please post a little more of your page and I can show you how to keep things safe.

If you have any questions, please let me know.
All the best,
Chris

Re: [chris] Looking for a simpler way to do this...

By zip222 - May 14, 2010

Chris,

What I am doing is part of an include....

In the main file:

<?php
$section == "sectionnamegoeshere";
include ("includefile.inc.php");
?>



And then in the include file:

list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => "$section=1",
));


Does this present any issues?

Re: [zip222] Looking for a simpler way to do this...

By Jason - May 14, 2010

Hi,

This shouldn't present an issue, but there may be a few things you want to change just to be safe.

First, you'll need to change where you're getting your $section variable from this:
$section == "sectionnamegoeshere";
to this:
$section = "sectionnamegoeshere";

You only want to use the 1 "=" when assigning a value.

Second, change where you're getting your records to this:

list($sidebar_featuresRecords, $sidebar_featuresMetaData) = getRecords(array(
'tableName' => 'sidebar_features',
'where' => mysql_escape($section)."=1",
));


This will ensure there is no malicious code hidden in your $section variable. This is just to be safe.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [zip222] Looking for a simpler way to do this...

By Jason - May 14, 2010

Glad to hear that's working now. :)
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/