At 05:23 PM 2/22/2001 -0700, you wrote:
>I've resolved a similar error by using isset() for if ($id) but when I do
>the same for if (!$id) I get a parse error.

Sounds like you placed the ! in the wrong spot maybe?  "if(!isset($foobar)) 
{}" is fine syntactically as far as I am aware.

>Second error.  I'm getting an undefined variable error when I have a blank
>form to make an insert.  If I pull up a record to update in the form, there
>is no error, only when I pull up a blank one.  Linux seems to have place
>holders in the forms and I don't get the error.  Here is a part of the code
>referred to in the error.

My guess is that you are not getting *errors* but spurious *warnings* 
because your error_level() is set too high.  Set it to 7 and you should 
only get meaningful errors and warnings.

>if (isset($id)) {
>$sql="SELECT * FROM tblpeople WHERE id=$id";

Don't do stuff like this *ever* with user defined variables.  Bad bad bad. 
=)  You cannot trust people to not slip in things other than what you 
expect into "$id":


This will match everything in your database which could be bad.  Also, 
MySQL has stated that they are eventually going to allow multiple queries 
per call which means that in the above case you can add on a "drop 
database" call which is understandably serious.

Always perform sanity checking on user supplied ("tainted") data.

I'll stop preaching now.


Island Net AMT Solutions Group Inc.          Telephone:          250 383-0096
1412 Quadra                                  Toll Free:        1 800 331-3055
Victoria, B.C.                               Fax:                250 383-6698
V8W 2L1                                      E-Mail:    [EMAIL PROTECTED]
Canada                                       WWW:

PHP Database Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to