$this in a condition

#1
[eluser]TDSPower[/eluser]
Hello CI developers,

I come again on this board to ask you some help.

Here is my model :

Code:
...

        function getNews($cat){
            if($cat != "0")
            {
                $this->db->where('id_cat',$cat);
                $output['titre_page'] = $this->getNomCat($cat);
            }
            else
            {
                $output['titre_page'] = 'Toutes les news';
            }
                   ...
               }

...

        function getNomCat($idcat){
                $query = $this->db->query('SELECT nom_cat FROM news_categories WHERE id='.$idcat.' LIMIT 1');
                $row = $query->row();
                return $row->nom_cat;
        }
    }
...

The line $output['titre_page'] = $this->getNomCat($cat); creates a PHP error (Trying to get property of non-object) if the parameter $cat is not equal to 0 (And doesn't launch this line).

What could be the solution? I can put a @ behind the line but it is too simple :)

Thanks,

François JAGUELIN

#2
[eluser]xwero[/eluser]
what does the line
Code:
$this->db->where('id_cat',$cat);
I think this can be the cause of the error.

#3
[eluser]TDSPower[/eluser]
Thanks for this fast answer.

In fact, in all cases I execute a query, but if $cat!=0, I want to select only rows where id_cat == $cat.

Can't I use a "$this->db->where" in a condition?

Thanks again,

François

EDIT : I have tested without the where, and the error is still here.

#4
[eluser]xwero[/eluser]
Is the category id an existing category id?

#5
[eluser]TDSPower[/eluser]
I am such a dumb... You are right!

It's a little bit difficult to start with a Framework when you have never used one before...

Sorry for these very "basic" questions.

Thanks,

François.

#6
[eluser]xwero[/eluser]
No problem, now you know you have to make checks for all queries.
You could write the getNomCat query 2 different ways
Code:
$query = $this->db->query('SELECT nom_cat FROM news_categories WHERE id=? LIMIT 1',array($idcat));
This way will escape the value to prevent SQL attacks. And the other way is using the active records class
Code:
$this->db->select('nom_cat');
$this->db->from('news_categories');
$this->db->where('id',$idcat);
$this->db->limit(1);
$query = $this->db->get();
// or chained (php5)
$query = $this->db->select('nom_cat')->from('news_categories')->where('id',$idcat)->limit(1)->get();
This has the advantage of escaping the values and works with all the supported databases.
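
The two points from reply #6 (check that the query returned a row, and bind the value instead of concatenating it), as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database in place of CodeIgniter's database class and assumes the pdo_sqlite extension; the function names getNomCatConcat and getNomCatBound and the sample rows are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's $this->db.
// Table and column names follow the thread; the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news_categories (id INTEGER PRIMARY KEY, nom_cat TEXT)');
$pdo->exec("INSERT INTO news_categories (id, nom_cat) VALUES (1, 'Sport'), (2, 'Culture')");

// Pattern from post #1: $idcat is concatenated into the SQL text, so its
// content is parsed as SQL. (Hypothetical name; row check added so the loop runs.)
function getNomCatConcat(PDO $pdo, $idcat)
{
    $query = $pdo->query('SELECT nom_cat FROM news_categories WHERE id=' . $idcat . ' LIMIT 1');
    $row = $query->fetch(PDO::FETCH_OBJ);
    return $row ? $row->nom_cat : null;
}

// Pattern from reply #6: the value is bound to the ? placeholder and is only
// ever treated as data. A missing row returns null instead of triggering
// "Trying to get property of non-object".
function getNomCatBound(PDO $pdo, $idcat)
{
    $stmt = $pdo->prepare('SELECT nom_cat FROM news_categories WHERE id = ? LIMIT 1');
    $stmt->execute(array($idcat));
    $row = $stmt->fetch(PDO::FETCH_OBJ); // false when no category matches
    return $row ? $row->nom_cat : null;
}

// Constructed inputs: an existing id, an unknown id, and a non-numeric value.
$inputs = array('1', '99', '99 OR 1=1');
foreach ($inputs as $cat) {
    printf(
        "%-14s concat=%-10s bound=%s\n",
        var_export($cat, true),
        var_export(getNomCatConcat($pdo, $cat), true),
        var_export(getNomCatBound($pdo, $cat), true)
    );
}
```

For the third input the concatenated query returns a category even though no such id exists, while the bound query returns null, which the caller can turn into a default page title or a 404.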

#7
[eluser]TDSPower[/eluser]
I adopt the first one !

I think it is the easiest way to secure the application.

Thanks again,

François

