
I've added NOT IN so it won't include 21 and 25 when displaying the Knights, but I want to add a message like "clan not found" etc., and it says something else.

    if (!isset($_GET['id']))
    {
        $this->Error('CLAN_NOT_FOUND');
        return;
    }

    $db = $this->database[GDB];
    $id = intval($_GET['id']);

    $num_rows = $db->doQuery('SELECT IDName FROM KNIGHTS WHERE IDNum = ? AND IDNUM NOT IN (21,25)', $id);
    if ($num_rows == -1)
    {
        $this->Error('DB_ERROR');
        $db->getError();
        return;
    }
    else if ($num_rows == 0)
    {
        $this->Error('CLAN_NOT_FOUND');
        return;
    }

I've already created CLAN_CANNOT_DISPLAY but I don't know how to include it correctly and securely in the function above. If someone is able to help me out and show me how it should look, I'll be really grateful.

EDIT: I use MSSQL Server 2005

Kind Regards.

  • if IDNum is a param, why not check != 21,25 within PHP? Why make a round trip to the server? Commented Sep 27, 2013 at 0:30
  • So can you please show me how it should look including the error message CLAN_CANNOT_DISPLAY ? Commented Sep 27, 2013 at 0:32
  • BTW, you have a typo. You cannot put IDNum = ? AND IDNUM, it should be IDNum = ? AND IDNum or IDNUM = ? AND IDNUM, depending on your case. Commented Sep 27, 2013 at 0:38

1 Answer

If you know the IDs you don't want from PHP, save yourself a round trip. For example...

Replace:

    $id = intval($_GET['id']);

    $num_rows = $db->doQuery('SELECT IDName FROM KNIGHTS WHERE IDNum = ? AND IDNUM NOT IN (21,25)', $id);

With:

    $id = intval($_GET['id']);
    // Reject the hidden IDs in PHP before touching the database
    if (in_array($id, array(21, 25)))
    {
        $this->Error('CLAN_CANNOT_DISPLAY');
        return;
    }

    // The ID stays a bound parameter; only the NOT IN clause is gone
    $num_rows = $db->doQuery('SELECT IDName FROM KNIGHTS WHERE IDNum = ?', $id);

9 Comments

I deleted my answer as I wrote it expecting you wouldn't expand further. You've got my +1.
Is this a secure one? Thanks for the +1.
@FranciscoPresencia: I almost wasn't going to so no worries--I'll consider this as you having my back.
It's really helpful, but can you lastly let me know if that's a secure one as you've provided it?
@nRov: Yes, it just was shorter than if ($id == 21 || $id == 25){ (and allowed you to add other IDs easier at a later date, or make that list generated from something else).
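Putting the answer's early check together with the rest of the question's handler, as an added example that is not the asker's or the answerer's code. It assumes a PDO connection to SQL Server (sqlsrv driver, `PDO::ERRMODE_EXCEPTION` enabled) in place of the page's `$db->doQuery` wrapper, and the `KNIGHTS(IDNum, IDName)` table from the question.

```php
<?php
// Added example, not code from the page. Assumes a PDO connection with
// PDO::ERRMODE_EXCEPTION set, and the KNIGHTS(IDNum, IDName) table.

// The hidden clans live in one list so extending it later is a one-line change.
const HIDDEN_CLANS = [21, 25];

// Returns ['ok', name] on success or ['error', CODE] so the caller decides
// how to render each of the three distinct outcomes.
function lookupClan(array $get, PDO $db): array
{
    // Reject a missing or non-numeric id up front: intval('abc') would
    // silently become 0 and turn garbage input into a valid-looking lookup.
    if (!isset($get['id']) || !ctype_digit((string) $get['id'])) {
        return ['error', 'CLAN_NOT_FOUND'];
    }
    $id = (int) $get['id'];

    // Refuse the hidden clans before the query: no round trip, and a
    // message distinct from "not found".
    if (in_array($id, HIDDEN_CLANS, true)) {
        return ['error', 'CLAN_CANNOT_DISPLAY'];
    }

    try {
        // Bound parameter: the id never becomes part of the SQL text.
        $stmt = $db->prepare('SELECT IDName FROM KNIGHTS WHERE IDNum = ?');
        $stmt->execute([$id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Log the driver detail server-side; the user only sees a generic code.
        error_log($e->getMessage());
        return ['error', 'DB_ERROR'];
    }

    if ($row === false) {
        return ['error', 'CLAN_NOT_FOUND'];
    }
    return ['ok', $row['IDName']];
}
```

With `$_GET = ['id' => '21']` the function returns `['error', 'CLAN_CANNOT_DISPLAY']` without opening a statement; with `['id' => '12abc']` it returns `['error', 'CLAN_NOT_FOUND']` for the same reason.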
