Ok, I'm taking over a company website after the original web master quit. I haven't done any PHP in about a year, so I'm somewhat rusty and if someone could just clarify some of these things, that would be great.
I'm sure I'll come across it later in my reviews and reading of code books, but it would be easier for me to get working on this site if I knew what it did now, instead of later.
First, I believe he put this in for security, but I'm not sure what this snippet of code is doing. It is located after each page that has a MySQL connect script and right before MySQL database query (unfortunately, he decided to put the connect on each individual page instead of one file thats included :-\). Mostly, I want to be ensured that I could take this and just add it to the included MySQL connection file that I built, though it would be nice if I knew what it did.
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
This is the same on every page he made that has a MySQL connection script in it, and in the same relative location.
The other thing he did that I'm not completely sure about the use of <?php do { ?> in this next snippet of code (line two)
<tr class="inventory_table_descriptor"><td>Description</td><td align="right">Price</td></tr>
<?php do { ?>
<?php
$class = ($class == 'odd') ? 'even' : 'odd';
?>
<tr class="<?php echo $class ?>">
<td><?php echo $row_WindowsXP['description']; ?></td>
<td align="right">$<?php echo $row_WindowsXP['price']; ?></td>
</tr>
This is placed in the page after the start of the HTML, right before the script starts to place the data that was retrieved from the database into a table.
Mostly, does the script need to be opened and closed like that just for the "do {" function? Isn't that kinda redundant?