PDA

View Full Version : echo with a href confusion - help


songboy
12-14-2010, 11:01 PM
I've used the code below to create a line of letters which appear on a page. Each letter becomes a link and this begins a search sequence (involving another code page) which successfully ends up with a page
of author names in alphabetical order.
@$writer_alpha = array(A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z);
foreach($writer_alpha as $letter)
{
echo "<a href=\"?letter=" . $letter . "\">" . $letter . "</a>&nbsp;&nbsp;&nbsp;&nbsp;";
}

@$letter_chosen = $_GET['letter'];
if($letter_chosen)
{
$_SESSION['letter_chosen'] = $letter_chosen;
//if($letter_chosen)//
header("Location: writer_list_page.php");
exit();
}
Here's the beginning of my confusion. When you click a letter you go to writer_list_page, it does its stuff and you get your author list page.
Why, when you click a letter, don't you get a php message saying "There is no such URL on the server." It's a link but it's not seen as a link.
Now, why is this a problem ? When I use the same syntax structure as above to use a photo image to initiate a search for a writer's details, it doesn't work. Here's the code:
echo "<a href=\"$ret[0]['writer_photo_file']=" . $ret[0]["writer_photo_file"] . "\">"; <img src=" echo $ret[0]['writer_photo_file'];"</a>"?>" width = "72" height = "84" border="0" alt "car">
The photos are rendered so the img src works. However, when you click on a photo you get a message which quotes the directory route to the file but says - this URL doesn't exist. So, above, if I click "A" the code does not see "A" as the name of a URL but below when I click on the rendered photo, the code "<a href=\"$ret[0]['writer_photo_file']="
is interpreted as the name of a URL (and of course, it isn't found).
Could someone explain why the same code has different effects ?
Thanks -
Songboy

davidj
12-16-2010, 11:24 AM
contact me through codezenith.co.uk so we can sort this

I need to understand it properly

jmichae3
12-28-2010, 06:03 AM
first off, your link is all wrong. you are supposed to have a .php file name before the question mark.
second, you should use

if (isset($_GET['letter'])) {
$_SESSION['letter_chosen'] = $_GET['letter'];
header("Location: writer_list_page.php");
exit();
}

because it is possible that someone has accessed the php file without the GET parameters! use defensive programming.
you probably don't get a 404 because the PHP file exists. the GET parameters are just fluff.

another tip: don't trust arrays to work inside PHP strings (within quotes). always take them outside of the quotes. I have had them fail on me. I think if you were to use firefox and firebug plugin to inspect the IMG element, you would probably see that the src attribute has no content (or incorrect content).
this is better, but not perfect:

echo "<a href=\"" . $ret[0]['writer_photo_file'] . "=" . $ret[0]["writer_photo_file"] . "\">";

this URL doesn't look right to me. I think you need to rewrite it either with a - instead of an = or use something.php?var=value&var=value&var=value GET format. I don't think = is allowed here the way you have used it.

songboy
12-29-2010, 01:56 PM
Hi jmike -
I've tried the...if (isset($_GET['letter'])) {... idea and it works too. I'm not sure how your way is more defensive because both code extracts deliver a value in the status bar. The thing is, it's only the name of the letter clicked so it doesn't seem that much of an issue - maybe I'm wrong.
Thanks
Songboy

jmichae3
12-30-2010, 03:34 AM
if someone has loaded the page without the GET parameter, you want to be able to detect that. the way to detect that is to use if (isset($_GET['...']))
look isset up in the php manual. isset returns true if the variable has been set, false if it is undefined.

I just tested php by using $_GET from the command-line to assign a variable.

<?php
@$z=$_GET['p'];
if (isset($z)){echo 'y';}else{echo 'n';} ?>
^Z
n

if you don't have the get parameter on your php file, the $_GET variable you are trying to access will not be set. if it is not set, it will be undefined, and this undefined value will propagate into your $_SESSION variable. at least the way you have originally coded it.

this is why I try to get people to do defensive programming. people like to play with the parameters on web pages. so you may get an invalid value, and you need to detect this and defend against it. so if it is a character range, detect and check that character range like this, so that people can't break your web site:


if (isset($_GET['letter'])
&& 1==strlen($_GET['letter'])
&& $_GET['letter'] >= 'A'
&& $_GET['letter'] <= 'Z') {
$_SESSION['letter_chosen'] = $_GET['letter'];
header("Location: writer_list_page.php");
exit();
}


actually something more like this is what I meant by defensive programming. validating your input, checking for error conditions and handling them. it takes more work, but you will have more solid/bulletproof code.