Hello, I am having trouble with this code:

if ($_GET['offline']) {$extranet = $_GET['offline'];} else {$extranet = $online;}
$sql = mysqli_query($db,"UPDATE tbl_system SET value = '$extranet' WHERE property = 'extranet'");
echo $_GET['offline'];
echo $extranet;
echo $online;

In the database, the value of the field where the property = extranet is 1. Results of echo:

$_GET['offline'] = 0 $extranet = 1 $online = 1

Now, obviously, something's wrong here.

The URL to give this GET is: ?app=admincp&offline=0, so $_GET['offline'] is not the problem.

The problem must lie in the if statement, but I can't figure it out.

Any ideas?

+2  A: 
if ($_GET['offline'])

That will return false because the string "0" evaluates to false in PHP, so the if statement's condition can never evaluate to true. Use isset or array_key_exists instead. e.g.:

if (isset($_GET['offline'])) { ... }

or:

if (array_key_exists('offline',$_GET)) { ... }

In your case, you'll want to know whether or not the value is exactly the string zero "0". I would recommend using strcmp:

if (strcmp($_GET['offline'],"0") === 0) {
    $extranet = $_GET['offline'];
} else {
    $extranet = $online;
}
$sql = mysqli_query($db,"UPDATE tbl_system SET value = '$extranet' WHERE property = 'extranet'");
echo $_GET['offline'];
echo $extranet;
echo $online;
karim79
+1  A: 

$_GET['offline'] is zero in the URL you provide, so if($_GET['offline']) and everything in that block will never be hit. Use isset() instead.

benjy
+2  A: 

$_GET['offline'] is 0, and 0 evaluates to false, so the statement goes right. If you want to check whether offline is passed as an argument, you have to use isset():

if (isset($_GET['offline'])) {$extranet = $_GET['offline'];} else {$extranet = $online;}
klez
+2  A: 

Yikes! In addition to karim's comment: sanitize your inputs! You're taking a URL parameter and putting it directly into an SQL query. A URL of

?app=admincp&offline=';DROP table tbl_system;--

Would ruin you!

Ryan
Yep, I'll add that once I can guarantee that the raw code is working :)
Shamil
+1  A: 
if (strcmp($_GET['offline'],"0") === 0) {
    $extranet = $_GET['offline'];
} else {
    $extranet = $online;
}

This will throw an error in the case that $_GET['offline'] is not set; better to use !isset($_GET['offline'])

b82
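
An added example (not code from any of the posters) that ties together the isset() point and the injection warning above: the flag is accepted only when it is exactly the string "0" or "1", and it reaches the UPDATE through a bound parameter instead of string interpolation. Assumptions: the helper names resolveExtranet and updateExtranet are hypothetical, the 0/1 allow-list is inferred from the values in the question, and an in-memory SQLite database via PDO stands in for the MySQL connection; with mysqli the same binding is done with mysqli_prepare() and mysqli_stmt_bind_param().

```php
<?php
// Added example. Helper names are hypothetical; SQLite in memory stands in for MySQL.

// Pick the value to store: the request's flag if it is valid, else the fallback.
function resolveExtranet(array $query, string $online): string
{
    // isset() is true for the string "0", unlike a bare if ($query['offline']).
    // is_string() rejects array input such as ?offline[]=0.
    if (!isset($query['offline']) || !is_string($query['offline'])) {
        return $online;
    }
    // Allow-list with strict comparison: anything but "0" or "1" is ignored.
    return in_array($query['offline'], ['0', '1'], true) ? $query['offline'] : $online;
}

// Store the value through a placeholder so it never becomes part of the SQL text.
function updateExtranet(PDO $db, string $value): void
{
    $stmt = $db->prepare("UPDATE tbl_system SET value = :value WHERE property = 'extranet'");
    $stmt->execute([':value' => $value]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_system (property TEXT PRIMARY KEY, value TEXT)");
$db->exec("INSERT INTO tbl_system VALUES ('extranet', '1')");

$online = '1'; // constructed fallback, standing in for the question's $online

// Constructed query strings; the last one is the input quoted in Ryan's answer.
$samples = [
    "app=admincp&offline=0",
    "app=admincp",
    "app=admincp&offline[]=0",
    "app=admincp&offline=';DROP table tbl_system;--",
];

foreach ($samples as $qs) {
    parse_str($qs, $query);               // same decoding PHP applies to $_GET
    $extranet = resolveExtranet($query, $online);
    updateExtranet($db, $extranet);
    $stored = $db->query("SELECT value FROM tbl_system WHERE property = 'extranet'")
                 ->fetchColumn();
    printf("%-50s stored value: %s\n", $qs, $stored);
}
```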