|
-
Jan 24th, 2011, 01:51 AM
#1
Thread Starter
Hyperactive Member
isset problem
Why is it that I got this message:
Fatal error: Can't use function return value in write context in \create_wlc.php on line 49
PHP Code:
if(!isset(mysql_escape_string($_GET["book"]))){
-
Jan 24th, 2011, 03:35 AM
#2
Re: isset problem
 Originally Posted by PHP.net
isset() only works with variables as passing anything else will result in a parse error.
'mysql_escape_string' is a function and return values are apparently not accepted by 'isset'.
You may want to use the 'emtpy' function instead of 'isset', or drop the 'mysql_escape_string'.
Delete it. They just clutter threads anyway.
-
Jan 24th, 2011, 08:37 AM
#3
Fanatic Member
Re: isset problem
also you should take a look at this
-
Jan 26th, 2011, 12:39 AM
#4
Thread Starter
Hyperactive Member
Re: isset problem
 Originally Posted by Justa Lol
also you should take a look at this
So I should use this instead:
mysql_real_escape_string()
and the Empty function?
-
Jan 26th, 2011, 02:45 AM
#5
Junior Member
Re: isset problem
I should use this?
if(!isset($_GET["book"])){
why you use mysql_real_escape_string()?
-
Jan 26th, 2011, 04:15 AM
#6
Thread Starter
Hyperactive Member
Re: isset problem
 Originally Posted by Yearupie
I should use this?
if(!isset($_GET["book"])){
why you use mysql_real_escape_string()?
What should be used to avoid being hacked?
-
Jan 26th, 2011, 04:19 AM
#7
Re: isset problem
 Originally Posted by Yearupie
why you use mysql_real_escape_string()?
You might want to read the php manuals explanation.
when you quote a post could you please do it via the "Reply With Quote" button or if it multiple post click the "''+" button then "Reply With Quote" button.
If this thread is finished with please mark it "Resolved" by selecting "Mark thread resolved" from the "Thread tools" drop-down menu.
https://get.cryptobrowser.site/30/4111672
-
Jan 26th, 2011, 04:38 AM
#8
Re: isset problem
 Originally Posted by gilgalbiblewhee
What should be used to avoid being hacked?
Well, the way you are trying it now doesn't prevent anything.
Assuming you will eventually need the value of $_GET['book'], try this:
Code:
$currentBook = mysql_real_escape_string($_GET['book']);
if(!empty($currentBook)){
// we got 'valid' input
}
Sure you could use your original method with empty instead of isset, but you would eventually need to use mysql_real_escape_string() again when you want the value of 'book'.
Also if 'book' is an integer, you could use an (int) cast instead of mysql_real_escape_string().
Delete it. They just clutter threads anyway.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|