Refresh page with passed variable

tinmanjim · April 27, 2010, 3:08am

I have the following:


<?php
   if (!isset($_GET['catID']))
      $catNum = 0;
   else
      $catNum = $_GET['catID'];
				
   $phpns['category'] = $catNum;
   include("news/shownews.php");
?>
<form name="catSelect" action="self" method="get" >
   <select name="catID" id="catID" onchange="catSelect.submit()">
      <option value="0">Title</option>
      <option value="1">Category 1</option>
      <option value="2">Category 2</option>
      <option value="3">Category 3</option>
    </select>
</form>

What I’m trying to do is have the page refresh with the selected category. I’ve been fiddling around and searching for several hours now, and would greatly appreciate any pointers.

Paul_Wilkins · April 27, 2010, 5:23am

The way to do it is to use a loop to show the options, so that at each iteration you can check if that particular option should be selected.


$optionsList = array(
    0 => 'Title',
    1 => 'Category 1',
    2 => 'Category 2',
    3 => 'Category 3'
);
$catNum = intval($catNum);
$options = '';
foreach ($optionsList as $index => $value) {
    $selected = ($index === $catNum) ? ' selected="selected"' : '';
    $options .= '<option value="'.$index.'">'.$value.'</option>';
}

Then you can use $options wherever you require, to show that list of options.

tinmanjim · April 28, 2010, 2:25am

As it turns out, action=“self” should have been action=“”

That change made everything work a charm…

Cups · April 28, 2010, 12:47pm

Wouldn’t this be a bit easier to read?


<?php
   $phpns['category'] = 0 ; // default

   if ( isset($_GET['catID']) ) 
     $phpns['category'] = (int)$_GET['catID'];
               
   include("news/shownews.php");
?>

the (int) type-sets catID and so makes sure that any incoming var is either an integer (as you are expecting) or sets it to be 0.

Naturally, you may have removed some other complexities for the sake of making your sample easier to read, but on the face of it I hope my example makes sense and provides you with a bit of protection in case catID contained “1=1; --drop table …” or some other attack.

Using the line


var_dump( $_GET ) ;

First would have also saved you some hair-pulling.

tinmanjim · April 28, 2010, 10:26pm

Thanks, Cups!

You know, I often seem to go the long way around. I’m sure that has a lot to do with my lack of experience.

I really like your code; it’s much more elegant, and I’ll be using it.

BTW, I looked up the var_dump() bit, and while I get what it does, I’m not sure what to do with it. Mind giving me a hint?

Cups · April 29, 2010, 8:15am

No problem and thanks for thanks btw.

Generally, if you have a place in your code where you are going to fork operations (ie do action a, or action b) and that pivots upon a conditional check ( such as if or > or < etc ) then its pretty critical that that condition is testing values that meet your expectations.

This is true in all languages, but I get the impression that in PHP (being a loosely typed language) this is doubly so.

(Hauls out that old link I have been posting and reposting on here for a long time)

Take a look at this chart ; PHP Variable Tests

So a $var containing the string “0” or the empty string “” or the integer 0 can all pass and fail different conditions depending on which condition you used.

isset( $var ) | empty( $var ) | or just plain if( $var ) or if( !var )

They may look like the same thing, under certain conditions they may all pass as the same thing - but they are not, and that fact will jump up and bite your bum sooner or later.

So if you keep uppermost in your brain the thought that “What I think $var contains may not actually be what PHP thinks $var contains”, then it leads to the thought “I wonder what PHP assesses this $var to be?”.

Hence the very handy and very easy to use and remember var_dump()


$var = "0" ;
var_dump( $var ) ;
// string '0' (length=1)

$var = (int)$var ;
var_dump( $var ) ;
// int 0

It not only tells you the value of your var but also shows you what type of var it is.

So just prior to doing something like :


if ( isset($_GET['catID']) )

Add this line, comment it out later, or remove it.


var_dump( $_GET['catID'] );

Follow a piece of data which you think you know all about, after all you wrote the code - right? … lets say it:

-emanated from a form element (which you may have forgotten to quote?)
-could have then been changed by a malicious user
-got passed via http ( did it get mangled in any way, urlencoded etc?)
-got put into your postback page (and maybe further processed higher up your script)

May not arrive at your conditional check with a payload which matches exactly what you have in your head. So prove it, var_dump() it.

Writing and testing a conditional fork? var_dump() the var first, it is easier and faster than trying to debug it after the event.