jayhawker Posted April 1, 2011

In the following code, what do the following basically do?

1.) `$colname_rsOrderDetails = "-1";`

2.) `$colname_rsOrderDetails = (get_magic_quotes_gpc()) ? $_SESSION['id_ord'] : addslashes($_SESSION['id_ord']);`

3.) `$query_rsOrderDetails = sprintf("SELECT * FROM orderdetail_ode WHERE idord_ode = %s", GetSQLValueString($colname_rsOrderDetails, "text"));`

And also what does the %s stand for?

4.) `%s`

```php
$colname_rsOrderDetails = "-1";
$_SESSION['id_ord'] = "{id_ord}";
if (isset($_SESSION['id_ord'])) {
    $colname_rsOrderDetails = (get_magic_quotes_gpc()) ? $_SESSION['id_ord'] : addslashes($_SESSION['id_ord']);
}
mysql_select_db($database_t_shop, $t_shop);
$query_rsOrderDetails = sprintf("SELECT * FROM orderdetail_ode WHERE idord_ode = %s", GetSQLValueString($colname_rsOrderDetails, "text"));
$rsOrderDetails = mysql_query($query_rsOrderDetails, $mx_shop) or die(mysql_error());
$row_rsOrderDetails = mysql_fetch_assoc($rsOrderDetails);
```

j9sjam3 Posted April 1, 2011

Please use code brackets [code]code here[//code] (without the double slash).

Is this Dreamweaver code? It's usually a lot easier to write your own and you learn a lot more from doing it yourself...

nethnet Posted April 1, 2011

A lot of these questions could be easily answered if you just took a look at the PHP Manual, but regardless, I'll do my best to answer them for you.

1.) `$colname_rsOrderDetails = "-1";`

This is just a simple variable declaration. The script is setting this variable equal to the string "-1" (it's being typecast as a string, not an integer, hence the double quotes).

2.) `$colname_rsOrderDetails = (get_magic_quotes_gpc()) ? $_SESSION['id_ord'] : addslashes($_SESSION['id_ord']);`

This is an example of the ternary operator. It's a concise way to write an IF/ELSE statement featured in most programming languages. Basically, rewritten as an IF/ELSE statement, this says:

```php
<?php
if (get_magic_quotes_gpc()) {
    $colname_rsOrderDetails = $_SESSION['id_ord'];
} else {
    $colname_rsOrderDetails = addslashes($_SESSION['id_ord']);
}
?>
```

The get_magic_quotes_gpc() function checks to see if the magic_quotes_gpc directive is turned on or off. This is a configuration setting that will automatically escape $_ENV variables (meaning slashes are automatically added before ", ', \, and NUL). The operation checks to see if this setting is turned on for PHP, and if it is not, it adds slashes to the $_SESSION variable and stores that value as $colname_rsOrderDetails, otherwise, it just sets $colname_rsOrderDetails equal to the $_SESSION variable itself (since it is already escaped).

3.) `$query_rsOrderDetails = sprintf("SELECT * FROM orderdetail_ode WHERE idord_ode = %s", GetSQLValueString($colname_rsOrderDetails, "text"));`

By now, the $colname_rsOrderDetails has one of two values. It is either set to "-1" (the default value it was given at the beginning of the script), or it was set equal to an escaped version of the $_SESSION['id_ord'] variable (only if this variable existed, that is). Whatever this value is, it is passed to GetSQLValueString(), which isn't actually a legitimate PHP function. This was a built-in function in Dreamweaver to prevent SQL injections, by parsing its parameter and returning it (in our case) as "text". The sprintf() function is a formatting function. What it says is "take what we got from my second parameter, and put it into my first parameter in place of %s". The whole line itself is just a security measure to prevent SQL attacks.

And also what does the %s stand for 4.) %s

Like I mentioned, %s is used in the sprintf() function. There are several different letters that can be used instead of s, and they all mean something different. %s means that the argument will be treated as a string. Have a look at the sprintf() function at the PHP Manual to see all of the different specifiers that can be used.

I hope that helped.

-derrick

jayhawker Posted April 1, 2011

Thanks! That was very helpful. Yes, I am using DreamWeaver but only because this particular web app was created 5 years ago in it and has several add-ins. What editor do you recommend? I am usually developing with .net using Visual Studio.

Also, if I were to write the following code:

```php
$orderID = '45495562754892521062894091';
mysql_select_db($database_mx_shop, $t_shop);
$query_rsOrderDetails = sprintf("SELECT * FROM orderdetail_ode WHERE idord_ode = $orderID");
$rsOrderDetails = mysql_query($query_rsOrderDetails, $t_shop);
$row_rsOrderDetails = mysql_fetch_assoc($rsOrderDetails);
```

If I have a field named "firstname" in the database "orderdetail", would I not use the following code to get the value that is in "firstname" for the record with the primary key 45495562754892521062894091?

```php
$firstname = $row_rsOrderDetails['firstname'];
```

Thanks again for the assistance.
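
Added example, not code from any poster in this thread: it contrasts the string-built query discussed in the two posts above (a value escaped with addslashes() but placed into the SQL text unquoted, as in the follow-up query) with a PDO prepared statement. It assumes the id arrives from session or request data rather than a hard-coded literal, and it uses an in-memory SQLite table with constructed rows in place of the thread's MySQL database; the function names are hypothetical.

```php
<?php
// Added example. Assumptions: in-memory SQLite through PDO stands in for the
// thread's MySQL database; table contents and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE orderdetail_ode (idord_ode TEXT, firstname TEXT)");
$pdo->exec("INSERT INTO orderdetail_ode VALUES ('1001', 'Alice'), ('1002', 'Bob')");

// Constructed hostile value. It contains no quote, backslash or NUL,
// so addslashes() has nothing to escape in it.
$hostileId = "0 OR 1=1";

// String-built form: the escaped value becomes part of the SQL text itself.
function rowsByInterpolation(PDO $pdo, string $idOrd): array
{
    $sql = sprintf(
        "SELECT firstname FROM orderdetail_ode WHERE idord_ode = %s",
        addslashes($idOrd)
    );
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the value is bound as data,
// so it can never change the structure of the WHERE clause.
function rowsByPreparedStatement(PDO $pdo, string $idOrd): array
{
    $stmt = $pdo->prepare(
        "SELECT firstname FROM orderdetail_ode WHERE idord_ode = :id"
    );
    $stmt->execute([':id' => $idOrd]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run the same hostile value through both forms, then a legitimate id.
var_dump(addslashes($hostileId) === $hostileId);
var_dump(rowsByInterpolation($pdo, $hostileId));
var_dump(rowsByPreparedStatement($pdo, $hostileId));
var_dump(rowsByPreparedStatement($pdo, '1002'));
```

In the string-built form the WHERE clause becomes `idord_ode = 0 OR 1=1`, which holds for every row, while the prepared statement compares the column against the whole string and matches nothing. The mysql_* functions and get_magic_quotes_gpc() used in the thread were removed in PHP 7.0 and PHP 8.0 respectively, so PDO or mysqli is what current PHP offers for this.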

nethnet Posted April 1, 2011

Yes, that is how you would access the `firstname` field of your database. Are you having issues with it?

jayhawker Posted April 4, 2011

Thanks again for trying to help. Unfortunately, I have issues that I haven't been able to resolve. No errors, I just don't get any data.

Using the code above, the numbers represent an actual order number, there is data in the fields, but for some reason I don't get anything back when I try to use it in a function on the page. I have the exact same code in another part of the page that is not in a function and it works fine, pulling the data from the tables and displaying it in an echo. The function that I am trying to accomplish the same thing in is to e-mail the same information that echoes successfully.

I am about to pull my hair out trying to figure out why I can't get any data. Any ideas?