Is there a shorter, more optimal way to check a GET parameter?

3569 views php
-3

I am checking whether or not a parameter in the URI exists. Then, I am checking whether or not it is a number, and then I am checking whether the forum post exists. Is there a shorter, better way to do this instead of repeating myself?

The sorry.php page is the error page I am including.

I don't even know if I am going about this correctly. I am still fairly new to this.

<!DOCTYPE html>
<html lang="en">
    <head>
        <?php 
        //require head
        require '../partials/head.php';
        ?>
        <title>KTOWN | </title>
    </head>
    <body>
        <?php 
        //sidenav 
        include '../partials/sidenav.php';
        ?>
        <div class="container">
            <?php 
            //header 
            include '../partials/header.php';
            ?>
            <main>
                <?php 

                if(!isset($_GET['id'])){

                    include '../partials/sorry.php';

                }else{
                    if(!is_numeric($_GET['id'])){

                        include '../partials/sorry.php';

                    }else{
                        $postId = (int)$_GET['id'];
                        $qry = '
                        SELECT forum_posts.id AS postId, forum_cats.name AS catName, site_users.username AS postAuthor, forum_posts.post_title AS postTitle, forum_posts.post_content AS postContent, forum_posts.is_anon AS postAnon, forum_posts.show_post AS showPost
                        FROM forum_cats 
                        JOIN forum_posts ON forum_cats.id = forum_posts.post_cat_id
                        JOIN site_users ON site_users.id = forum_posts.post_author_id
                        WHERE forum_posts.id = ?';
                        $getPost = $conn->prepare($qry);
                        $getPost->bind_param('i',$postId);
                        $getPost->execute();
                        $result = $getPost->get_result();

                        if($result->num_rows < 1){
                            include '../partials/sorry.php';
                        }else{

                            while($row = $result->fetch_object()){
                                $postId = $row->postId;
                                $postTitle = $row->postTitle;
                                $postAuthor = $row->postAuthor;
                                $postAnon = $row->postAnon;
                                $showPost = $row->showPost;
                                $postContent = $row->postContent;
                            }

                            if($showPost === 0){
                                include '../partials/sorry.php';
                            }else{
                ?>

                            <div class="forum_post">
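                                <?php // Escape database values before writing them into HTML ?>
                                <h1><?php echo htmlspecialchars($postTitle, ENT_QUOTES, 'UTF-8'); ?></h1>
                                <?php 
                                if($postAnon === 1){
                                    echo '<h2 class="forum_post__author">by <i class="fa fa-user-secret"></i> Anonymous</h2>';
                                }else{
                                    echo '<h2 class="forum_post__author"> by '.htmlspecialchars($postAuthor, ENT_QUOTES, 'UTF-8').'</h2>';
                                }
                                ?>
                                <p class="forum_post__content"><?php echo htmlspecialchars($postContent, ENT_QUOTES, 'UTF-8'); ?></p>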
                                <button class="btn btn--red"><i class="fa fa-flag"></i> Report</button>
                            </div>
                            <form class="forum-reply-form">
                                <h2>Reply Here</h2>
                                <div class="fgrp">
                                    <textarea name="replyContent" id="replyContent" cols="30" rows="6" class="input input__textarea"></textarea>
                                </div>
                                <div class="fgrp">
                                    <button id="subbut" class="btn btn--orange">Submit</button>
                                </div>
                                <div class="errbox"></div>
                            </form>
                            <div ><h2><i class="fa fa-reply"></i> Replies</h2></div>
                    

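                <?php 
                            } // end else: post is visible
                        } // end else: post exists
                    } // end else: id is numeric
                } // end else: id is set
                ?>
            </main>
        </div>
    </body>
</html>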

answered question

if(isset($_GET['id']) && is_numeric($_GET['id'])){ run the query } else {

2 Answers

5

At least you can save yourself some nesting:

When using and, any expression will be false, if the left-most sub-expression is already false. Any expression to the right will not even be evaluated.

So, you can use:

if(isset($_GET['id']) && is_numeric($_GET['id'])){
   //show content
}else{
   include '../partials/sorry.php';
}

is_numeric($_GET['id']) wouldn't be evaluated, if isset($_GET['id']) returns false, hence there is no problem with null-references.

posted this
8

I'd go with a combination of the null-coalescing operator and filter_var()...

if ($id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT)) {
    // all good
} else {
    include '../partials/sorry.php';
}

posted this
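
An added example (not code from the question or either answer) that runs the question's isset() + is_numeric() + (int) check and the filter_var() check from the second answer over the same constructed inputs. The helper name parse_post_id, the min_range option and the sample values are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the original page): return a positive
 * integer post id from a query array such as $_GET, or null when invalid.
 */
function parse_post_id(array $query): ?int
{
    $id = filter_var(
        $query['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    // filter_var() returns false on failure; compare strictly so the
    // result does not depend on truthiness.
    return $id === false ? null : $id;
}

// Constructed sample query arrays, standing in for $_GET.
$samples = [
    'plain id'      => ['id' => '42'],
    'missing'       => [],
    'exponent'      => ['id' => '1e3'],
    'decimal'       => ['id' => '1.5'],
    'negative'      => ['id' => '-7'],
    'zero'          => ['id' => '0'],
    'array (id[]=)' => ['id' => ['42']],
    'trailing junk' => ['id' => '42abc'],
];

foreach ($samples as $label => $query) {
    $raw = $query['id'] ?? null;
    // The question's check: isset() + is_numeric(), then an (int) cast.
    $loose = (isset($raw) && is_numeric($raw)) ? (int) $raw : null;
    // The stricter check: integer syntax only, with a lower bound of 1.
    $strict = parse_post_id($query);
    printf("%-14s is_numeric+cast=%-5s filter_var=%s\n",
        $label, var_export($loose, true), var_export($strict, true));
}
```

On PHP 7.1 and later, is_numeric() accepts '1e3', '1.5' and '-7', and the cast then turns them into 1000, 1 and -7. FILTER_VALIDATE_INT with a min_range of 1 rejects all three, along with '0' and the array form.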
