$_get

Tanax · 02-04-2008, 09:42 PM

Hi!

My question is a fairly simple question, but when I thought about it, I really had no clue..

So basicly.
I have a member.php script.

If I write member.php?u=4, it would generate and echo out a member profile of the user with user_id = 4.

However, if I write member.php?g=admins, it would generate and echo out a list of all the members that are currently in the group "admins"(with the field rank, set to 3).

And if I write member.php?show=all, it would generate a list of all the members.

So my question is as following.

How do I prevent users from writing member.php?u=4&show=all&g=mods ????

How can I force them just to have one, and if they write all of them, show some kind of error message, or perhaps redirect to the list of all as a default "member.php" -page ??

PHP Code:


			
if(count($_GET) > 1) {

echo 'Na na na!';

}



else {

$group = $_GET['g'];

$user = $_GET['u'];

$default = $_GET['show'];

}

// etc..

Possible? Wrong method? Better method?

Thanks in advance!

Andrew · 02-05-2008, 12:15 AM

Try:

PHP Code:


			
if (count($_GET) > 1) { /* error */ }

$_GET is an array, so you have to use count() to count how many parts to the array there are.

xenon · 02-05-2008, 01:09 AM

It's simple: just get the one you're interested the most in. If the user id is more important than the group, then take only the user id and ignore the rest. Or, you could go for showing the user an error, or perhaps even redirecting them somewhere. As long as the request is not done via the website urls, you can do what ever you want with the unwanted requests.

Tanax · 02-05-2008, 10:02 AM

Quote:

Originally Posted by Andrew

Try:

PHP Code:


			
if (count($_GET) > 1) { /* error */ }

$_GET is an array, so you have to use count() to count how many parts to the array there are.

Yea that's what I thought, thanks

Quote:

Originally Posted by xenon

It's simple: just get the one you're interested the most in. If the user id is more important than the group, then take only the user id and ignore the rest. Or, you could go for showing the user an error, or perhaps even redirecting them somewhere. As long as the request is not done via the website urls, you can do what ever you want with the unwanted requests.

Huh? Code example?

RobertK · 02-05-2008, 02:25 PM

Quote:

How do I prevent users from writing member.php?u=4&show=all&g=mods ????

How can I force them just to have one, and if they write all of them, show some kind of error message, or perhaps redirect to the list of all as a default "member.php" -page ??

What you are looking at is the logic of page design. You have to determine in what order of importance the variables will be. For instance, I'd rank the specific user link and a group link as more important than a tag that tells me to show everyone. Then it's sorting those out into the logic sections.

It's as simple as an if-then-else block, in series to construct the path of logic we decided upon above.

PHP Code:


			
if(count($_GET) > 0) {

  if(isset($_GET['u'])) {

    // Show your member specific page

  } elseif(isset($_GET['g'])) {

    // Show your group specific listing

  } elseif(isset($_GET['show'])) {

    // Show all members or whatever page of the list you want.

  } else {

    // Handle the invalid input as you wish...

  }

} else {

  // No input, so show your default page.

}

Tanax · 02-05-2008, 04:08 PM

Thank you

I solved it

RobertK · 02-05-2008, 04:09 PM

You're welcome, glad to help you out.

Gibou · 02-06-2008, 08:25 AM

instead of using isset, use !empty() which verify if the var exists and if is not null. The problem when you use isset is that if a user go to this page: index.php?u= the condition if(isset($_GET["u"])) is validated.

Tanax · 02-06-2008, 10:11 AM

Quote:

Originally Posted by Gibou

instead of using isset, use !empty() which verify if the var exists and if is not null. The problem when you use isset is that if a user go to this page: index.php?u= the condition if(isset($_GET["u"])) is validated.

Thanks!

But I run a check on the userid, and if it's not found.. then it gives a msg "A user with that ID does not exist", so I solved it anyways... :P

Gibou · 02-06-2008, 10:46 AM

Yes, of course but it's more friendly to display a default page if the $_GET["u"] is empty (like the home page) instead of an error message. Keep your error message in case of the user id passed in the GET var is wrong (ex: $_GET["u"]=toto).

Whatever, it's a detail, do what you want :)

Kalle · 02-06-2008, 02:34 PM

I was just about to suggest a similar method as RobertK just posted, damn your too fast Robert =P