Switch problem... I think

Anonymous

Guest
Why does the switch keep going into the default stage?


URL is:
...edit.php?action=guest_delete&id=10

Code:
<?php
include('variables.php');
if ($_COOKIE[le_username] == '')
{
	die('You do not have permission to edit this post');
}
$connection = mysql_connect($host,$dbuser,$dbpassword);
$db = mysql_select_db($database);
$query_posts = "SELECT * FROM posts WHERE id='$_GET[id]'";
$result_posts = mysql_query($query_posts);
$row_posts = mysql_fetch_array($result_posts);
$query_visitor = "SELECT * FROM members WHERE username='$_COOKIE[le_username]'";
$result_visitor = mysql_query($query_visitor);
$row_visitor = mysql_fetch_array($result_visitor);
echo $_GET[action];
echo $_GET[id];
switch (@$_GET[action])
{
	case "guest_delete":
		if ($row_visitor[position] != 'administrator')
		{
			die('You do not have permission to edit this post');
		}
		$query_drop_post = "DELETE posts WHERE id='$_GET[id]'";
		$result_drop_post = mysql_query($query_drop_post);
		BREAK;
	case "member_delete":
		if ($row_posts[name] != $_COOKIE[le_username] && $row_visitor[position] != 'administrator')
		{
			die('You do not have permission to edit this post');
		}
		$query_member = "SELECT * FROM members WHERE username='$row_posts[name]'";
		$result_member = mysql_query($query_member);
		$row_member = mysql_fetch_array($result_member);
		$updated_post = $row_member[posts]-1;
		$query_post_update = "UPDATE members SET posts='$updated_post' WHERE username='$row_post[name]'";		
		$result_post_update = mysql_query($query_post_update);		
		$query_drop_post = "DELETE posts WHERE id='$_GET[id]'";
		$result_drop_post = mysql_query($query_drop_post);
		BREAK;
	default:
		die('error');
}
header ("Location: index.php");
 
Virtuoso said:
Why does the switch keep going into the default stage?

I'm not entirely sure, but I do notice several problems with your script.

First of all, you seem to be calling all of your associative arrays like $array[key]. Though this may work, it is deprecated functionality and, well, wrong. Associative array keys must be specified as strings, e.g. $array['key'].

In other words, where you have $_COOKIE[le_username], $_GET[action], and $row_posts[name], you should have $_COOKIE['le_username'], $_GET['action'], and $row_posts['name']. This is only true for associative indexes (numeric indexes like $array[0] do not require quotes) and if you have a string in a variable you don't need the quotes (e.g. $array[$string], not $array["$string"]). Refer to the section called "Array do's and don'ts" on this page for more information.

Next problem: header ("Location: index.php"); First of all, it seems as though in every case you're echoing something before you send this header. This is not allowed by the HTTP spec -- headers must be sent before any other output. See the header() documentation for more information (look for the paragraph that starts with "Remember that header() must be called before any actual output is sent...").

Lastly, and this is just a small thing, putting @ (the error-control operator) in front of $_GET['action'] is useless, because there's absolutely no case in which returning the value of $_GET['action'] could generate an error. So, using @$_GET['action'] won't hurt anything, but it also won't ever do anything useful.
 
If I do have to have ',
how do I do this?
Code:
$query_drop_post = "DELETE posts WHERE id='$_GET[id]'";
Do I do this?
Code:
$query_drop_post = "DELETE posts WHERE id='$_GET['id']'";
I'm not sure, because I might have too many 's
Or do I do:
Code:
$query_drop_post = "DELETE posts WHERE id='$_GET["id"]'";
Or should I just rename the variable?
 
Oh yeah, the edit, which is similar to the delete, works fine though.

URL:
...edit.php?action=member_edit&id=8

Code:
<?php
$title = 'Post Site Index';
include('header.php');
if ($_COOKIE[le_username] == '')
{
	die('You do not have permission to edit this post');
}
$connection = mysql_connect($host,$dbuser,$dbpassword);
$db = mysql_select_db($database);
$query_posts = "SELECT * FROM posts WHERE id='$_GET[id]'";
$result_posts = mysql_query($query_posts);
$row_posts = mysql_fetch_array($result_posts);
$query_visitor = "SELECT * FROM members WHERE username='$_COOKIE[le_username]'";
$result_visitor = mysql_query($query_visitor);
$row_visitor = mysql_fetch_array($result_visitor);
?>
<form method="post" action="edit_query.php">
<?php
switch (@$_GET[action])
{
	case "guest_edit":
		if ($row_visitor[position] != 'administrator')
		{
			die('You do not have permission to edit this postoo');
		}
		echo '<textarea name="message" rows="5" cols="40">'.$row_posts[message].'</textarea>';
		echo '<input type="hidden" name="id" value="'.$_GET[id].'">';
		BREAK;
	case "member_edit":
		if ($row_posts[name] != $_COOKIE[le_username] && $row_visitor[position] != 'administrator')
		{

			die('You do not have permission to edit this post');
		}
		echo '<textarea name="message" rows="5" cols="40">'.$row_posts[message].'</textarea>';
		echo '<input type="hidden" name="id" value="'.$_GET[id].'">';
		BREAK;
	default:
		die('Error');
}
echo '<input type="submit" value="submit">';
?>
</form>
<?php
include('footer.php');
?>

----------------------------------------------------


Next problem: header ("Location: index.php"); First of all, it seems as though in every case you're echoing something before you send this header. This is not allowed by the HTTP spec -- headers must be sent before any other output. See the header() documentation for more information (look for the paragraph that starts with "Remember that header() must be called before any actual output is sent...").

The echoes were put in just to see if I had a value for them, but I didn't. Not sure if that is important information.
 
Virtuoso said:
If I do have to have ',
how do I do this?
Code:
$query_drop_post = "DELETE posts WHERE id='$_GET[id]'";
Do I do this?
Code:
$query_drop_post = "DELETE posts WHERE id='$_GET['id']'";
I'm not sure, because I might have too many 's
Or do I do:
Code:
$query_drop_post = "DELETE posts WHERE id='$_GET["id"]'";
Or should I just rename the variable?

The documentation, as usual, has the answer. See the Strings section, and skip down to the "Variable parsing" section.

Basically you have two options:

a) you can use curly braces.

Code:
$query_drop_post = "DELETE posts WHERE id = '{$_GET['id']}'";

b) as is the case with all strings, you can use string concatenation

Code:
$query_drop_post = "DELETE posts WHERE id = '" . $_GET['id'] . "'";

I wholeheartedly recommend, to every beginning PHP writer, using string concatenation in every situation that they wish to insert a PHP expression into a string. It requires PHP to do less processing, and it also makes your code significantly more readable (because in a syntax-highlighting editor you can tell at a glance what's part of the string and what's a PHP expression being inserted into the string).

I'm still rather stumped by your switch() problem, though.
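
The two options from the answer above, next to a bound-parameter variant, as an added example that is not part of the original thread. `$request` stands in for `$_GET`; the in-memory SQLite table and the `delete_post()` helper are assumptions made so the block runs on its own (the thread uses the `mysql_*` functions), and the statement is written `DELETE FROM`, the form MySQL and SQLite parse.

```php
<?php
// Added example; $request stands in for $_GET and holds constructed sample input.
$request = ['action' => 'guest_delete', 'id' => '10'];

// Options (a) and (b) build byte-for-byte the same SQL text, so whatever
// the request carried in "id" becomes part of the statement itself.
$braces = "DELETE FROM posts WHERE id = '{$request['id']}'";
$concat = "DELETE FROM posts WHERE id = '" . $request['id'] . "'";
var_dump($braces === $concat);

// Bound-parameter form: the SQL text is fixed and the id travels as data.
// delete_post() is a hypothetical helper, not a function from the thread.
function delete_post(PDO $db, $rawId): int
{
    // Accept only a positive integer id; anything else is refused.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows deleted
}

// In-memory SQLite table with constructed rows so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, name TEXT, message TEXT)');
$db->exec("INSERT INTO posts VALUES (8, 'alice', 'first'), (10, 'guest', 'second')");

// A well-formed id deletes its row.
var_dump(delete_post($db, $request['id']));
// A value that is not a plain integer never reaches the database.
var_dump(delete_post($db, "10'"));
// Rows remaining in the table after both calls.
var_dump((int) $db->query('SELECT COUNT(*) FROM posts')->fetchColumn());
```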
 
It would probably be a good idea, if you have 2 conditions inside an if, to separate them

if ($row_posts[name] != $_COOKIE[le_username] && $row_visitor[position] != 'administrator')

to

if (($row_posts[name] != $_COOKIE[le_username]) && ($row_visitor[position] != 'administrator'))

ciao baby :!:
 