#1
  1. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221

    Strange query issue


    Hi;

    How is ====> this <==== happening?

    This is NOT the results!

    Thanks
  2. #2
  3. Backwards Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,904
    Rep Power
    9646
  4. #3
  5. A Change of Season
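    PHP Code:
    public function preview($id = null)
    {
        // Reject a missing or non-numeric id before touching the database
        if ($id == null || !is_numeric($id)) {
            $_SESSION['error'] = "Page not found";
            redirect(base_url('errors'));
        }

        // Look up the template row by id and pass it to the view
        $template = $this->db->get_where('launch_templates', array('id' => $id));
        $this->data['details'] = $template->result_array()[0];
        $this->load->view('content_delivery_view', $this->data);
    }
    } // end of the enclosing class (not shown)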
  6. #4
  7. Backwards Moderator
    And how is that related to your original question?
  8. #5
  9. A Change of Season
    Originally Posted by requinix
    And how is that related to your original question?
    !is_numeric($id))
  10. #6
  11. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    If you want to reject non-integer ID's, you should probably use ctype_digit. is_numeric will let things through that you probably don't want, such as +2.34e4.

    https://3v4l.org/r8vjM
  12. #7
  13. A Change of Season
    Originally Posted by kicken
    If you want to reject non-integer ID's, you should probably use ctype_digit. is_numeric will let things through that you probably don't want, such as +2.34e4.

    https://3v4l.org/r8vjM
    Thanks, Kicken. Thoughts?

    PHP Code:
    public function is_this_launch_owner($launch_id)
    {
        $CI =& get_instance();

        // Bound parameters: the launch must exist and belong to the session user
        $sql = "
            SELECT *
            FROM launch_launches
            WHERE id = ? AND user_id = ?";

        $query = $CI->db->query($sql, array($launch_id, $_SESSION['user_id']));

        // The compared value is missing from the page; 1 (a single matching row) is assumed
        if ($query->num_rows() != 1 || !ctype_digit($launch_id)) {
            $_SESSION['error_message'] = "Invalid link. Error code 22";
            redirect(base_url('errors'));
        }
    }
  14. #8
  15. Wiser? Not exactly.
    I would validate the ID prior to running the query. No point in wasting time/resources running a query when the ID is invalid.

    I also tend to not bother with checking the number of rows returned. Instead I just try and fetch the result and see if I get anything. In this case it probably doesn't matter though, since you're just checking if a record exists and not actually using any result data.

    That said, since you don't need any of the data from the table, don't select any so your query is quicker.

    Code:
    SELECT 1 FROM launch_launches WHERE id = ? AND user_id = ?
    In general you should never use * in your queries, with the one allowed exception being COUNT(*). Only pull the columns you need, and list out those columns explicitly (even if it's every column in the table).
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
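
    The two suggestions above (a strict digit check done before the query, and an existence query that selects no columns), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database standing in for the CodeIgniter database layer; valid_row_id, is_launch_owner and the sample rows are constructed for illustration.

```php
<?php
// Added example, not from the thread. PDO + in-memory SQLite stand in for the
// CodeIgniter database layer; function names and sample rows are constructed.

// Accept only a canonical positive integer written as a decimal string.
function valid_row_id($value): bool
{
    // ctype_digit() is only meaningful for strings: small ints are treated as
    // ASCII codes (deprecated since PHP 8.1), so cast ints explicitly first.
    if (is_int($value)) {
        $value = (string) $value;
    }
    return is_string($value)
        && ctype_digit($value)          // digits only: no sign, dot, exponent, spaces
        && strlen($value) <= 18         // stays below PHP_INT_MAX on 64-bit
        && $value[0] !== '0';           // design choice: no "007" aliases, no id 0
}

// Validate first, then ask the database a yes/no question without selecting columns.
function is_launch_owner(PDO $db, $launchId, $userId): bool
{
    if (!valid_row_id($launchId) || !valid_row_id($userId)) {
        return false;                   // no query is run for a malformed id
    }
    $stmt = $db->prepare('SELECT 1 FROM launch_launches WHERE id = ? AND user_id = ?');
    $stmt->execute([(int) $launchId, (int) $userId]);
    return $stmt->fetchColumn() !== false;   // fetch and see if anything came back
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE launch_launches (id INTEGER PRIMARY KEY, user_id INTEGER)');
$db->exec('INSERT INTO launch_launches (id, user_id) VALUES (12, 7), (13, 8)');

// Constructed inputs: forms is_numeric() accepts but an id check should not.
foreach (['12', '13', '+2.34e4', '1e1', ' 12', '12.0', '-12', '012', '', '99999999999999999999'] as $id) {
    printf("%-22s is_numeric=%-5s valid_row_id=%-5s owner(user 7)=%s\n",
        var_export($id, true),
        var_export(is_numeric($id), true),
        var_export(valid_row_id($id), true),
        var_export(is_launch_owner($db, $id, 7), true));
}
```

    The ownership check returns a boolean instead of redirecting, so the caller decides how to report a rejected id and a row owned by another user is indistinguishable from a missing one.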
  16. #9
  17. SQL Consultant
    Devshed Supreme Being (6500+ posts)

    Join Date
    Feb 2003
    Location
    Toronto Canada
    Posts
    27,795
    Rep Power
    4331
    Originally Posted by kicken
    In general you should never use * in your queries, with the one allowed exception being COUNT(*).
    another allowed exception is for derived tables, because you can see exactly which columns are being returned by inspection of the subquery--

    Code:
    SELECT *
      FROM ( SELECT massively
                  , complex
                  , expressions
                  , which
                  , have
                  , column
                  , aliases
               FROM some_tables ) AS x
     WHERE alias1 > 0
       AND alias2 = 937           
    ORDER
        BY alias3
    avoids re-writing the massively complex expressions

    Comments on this post

    • kicken agrees : Forgot about that