No problem and thanks for thanks btw.
Generally, if you have a place in your code where you are going to fork operations (i.e. do action a, or action b) and that pivots upon a conditional check (such as if or > or < etc.) then it's pretty critical that that condition is testing values that meet your expectations.
This is true in all languages, but I get the impression that in PHP (being a loosely typed language) this is doubly so.
(Hauls out that old link I have been posting and reposting on here for a long time)
Take a look at this chart: PHP Variable Tests
So a $var containing the string “0” or the empty string “” or the integer 0 can all pass and fail different conditions depending on which condition you used.
isset( $var ) | empty( $var ) | or just plain if( $var ) or if( !$var )
They may look like the same thing, under certain conditions they may all pass as the same thing - but they are not, and that fact will jump up and bite your bum sooner or later.
So if you keep uppermost in your brain the thought that “What I think $var contains may not actually be what PHP thinks $var contains”, then it leads to the thought “I wonder what PHP assesses this $var to be?”.
Hence the very handy and very easy to use and remember var_dump()
$var = "0" ;
var_dump( $var ) ;
// string '0' (length=1)
$var = (int)$var ;
var_dump( $var ) ;
// int 0
It not only tells you the value of your var but also shows you what type of var it is.
So just prior to doing something like :
if ( isset($_GET['catID']) )
Add this line, comment it out later, or remove it.
var_dump( $_GET['catID'] );
Follow a piece of data which you think you know all about, after all you wrote the code - right? … let's say it:
-emanated from a form element (which you may have forgotten to quote?)
-could have then been changed by a malicious user
-got passed via HTTP (did it get mangled in any way, urlencoded etc?)
-got put into your postback page (and maybe further processed higher up your script)
May not arrive at your conditional check with a payload which matches exactly what you have in your head. So prove it, var_dump() it.
Writing and testing a conditional fork? var_dump() the var first, it is easier and faster than trying to debug it after the event.
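
As an added example (not part of the original post), the script below shows how isset(), empty() and a bare if() disagree on the kinds of values discussed above, next to a strict check of a catID-style parameter. parseCatId() is a hypothetical helper, the sample values are constructed, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample values standing in for what $_GET['catID'] might hold.
$samples = [
    'string "0"'        => '0',
    'empty string'      => '',
    'int 0'             => 0,
    'null'              => null,
    'string "12"'       => '12',
    'string "12abc"'    => '12abc',
    'array (catID[]=1)' => ['1'],
];

/**
 * Hypothetical helper: accept only a positive integer ID.
 * Returns the int on success, null for anything else.
 */
function parseCatId(mixed $raw): ?int
{
    // A query string can deliver an array (catID[]=1); reject non-scalars early.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT rejects "", "12abc" and values below min_range.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Print one row per sample: what each loose test says versus the strict check.
printf("%-20s %-6s %-6s %-6s %s\n", 'value', 'isset', 'empty', 'if()', 'parseCatId');
foreach ($samples as $label => $var) {
    printf(
        "%-20s %-6s %-6s %-6s %s\n",
        $label,
        var_export(isset($var), true),
        var_export(empty($var), true),
        var_export((bool) $var, true),
        var_export(parseCatId($var), true)
    );
}
```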