Well, what I can tell you is that $_GET['status'] in a php script will contain the value of the status query parameter. E.g., if you call http://example.com/potato?status=sprouted, $_GET['status'] on potato.php will be 'sprouted' in that context.

Now, if you change the URL to ?statusxx, or change _GET['status'] to _GET['statusxxx'], then the $status variable in getTask.php will remain at its default value of '%', and the SQL command 'bla bla WHERE status like $status' will do 'where status like '%'', which is correct SQL. The only difference is I imagine that if you change status to statusxx, you'll find that you can no longer filter by status.

That said, the database in question was created with status as an integer column type, and I'm not really wild about using a LIKE operator on an integer column. As in: I'm pretty sure that doesn't even work in the first place. I'm also not wild about using an integer timestamp instead of a timestamp or datetime column type.

As to the frontend, I'm not happy with the angular code style either. getTask() should return a promise, and all the scope functions should also return promises. All the promises should have failure routes attached to them (or at least the bottom of the chain should).

I guess what I'm trying to say here is: this particular tutorial isn't terrible, but it isn't good. It doesn't represent best practices in angular or backend programming. Don't get too hung up on getting it to work just right, because it will teach you bad habits. If you're really interested in working on angular tutorials, I'd start with the ones on angularjs.org in the learn dropdown. I also like the videos on http://egghead.io (although they're not all free).

e

On Sun, Aug 31, 2014 at 6:55 PM, Jeffrey Calingasan <[email protected]> wrote:
>
> On Monday, September 1, 2014 8:29:35 AM UTC+8, Eric Eslinger wrote:
>
>> This is what you'd call, strictly speaking, a php question.
>>
>> http://php.net/manual/en/reserved.variables.get.php
>>
>> $_GET is used for conditional rendering and whatnot in PHP. In the earlier angular stuff, you construct a URL thusly:
>>
>> ajax/updateTask.php?taskID="+item+"&status="+status
>>
>> and then that variable is directly inserted into your SQL call here:
>>
>> $query="select ID, TASK, STATUS from tasks where status like '$status' order by status,id desc";
>>
>> Which is pretty much asking for someone to ask for a task whose status is 1';drop table tasks;-- or something like that.
>>
>> Eric
>
> I don't think $_GET['status'] from gettask.php gets its data from this line ajax/updateTask.php?taskID="+item+"&status="+status, cause in gettask.php you can change $_GET['status'] into $_GET['statusxx'] and it will still work.
>
> --
> You received this message because you are subscribed to the Google Groups "AngularJS" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/angular.
> For more options, visit https://groups.google.com/d/optout.
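The interpolated query from Eric's first mail beside a hardened getTask.php-style handler, as an added example that is not the tutorial's or any poster's code. The table and column names come from the thread and the status column is the integer type Eric describes; the DSN and credentials are placeholders.

```php
<?php
// Added example, not the tutorial's code. Contrasts the interpolated query
// quoted in the thread with a parameterized version that treats status as
// the integer column it is and omits the filter instead of using LIKE '%'.

// The pattern quoted from the tutorial: the query text itself is built from
// the request parameter, so the parameter can change the statement.
function buildQueryUnsafe(string $status): string
{
    return "select ID, TASK, STATUS from tasks where status like '$status' order by status,id desc";
}

// Hardened version. Returns null when the parameter is present but is not a
// plain integer, so the caller can answer 400 instead of running the query.
function fetchTasks(PDO $db, ?string $rawStatus): ?array
{
    $status = null;
    if ($rawStatus !== null && $rawStatus !== '') {
        // FILTER_VALIDATE_INT accepts only a decimal integer; anything with
        // quotes, semicolons or comment markers fails here.
        $status = filter_var($rawStatus, FILTER_VALIDATE_INT);
        if ($status === false) {
            return null;
        }
    }

    // No filter requested: leave the WHERE clause out entirely rather than
    // relying on LIKE '%' against an integer column.
    $sql = 'SELECT ID, TASK, STATUS FROM tasks'
         . ($status === null ? '' : ' WHERE STATUS = :status')
         . ' ORDER BY STATUS, ID DESC';

    $stmt = $db->prepare($sql);
    if ($status !== null) {
        $stmt->bindValue(':status', $status, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage as getTask.php would call it. DSN and credentials are placeholders.
$db = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
]);
$rows = fetchTasks($db, $_GET['status'] ?? null);
if ($rows === null) {
    http_response_code(400);
    exit;
}
header('Content-Type: application/json');
echo json_encode($rows);
```

With the parameter bound rather than interpolated, a request such as ?status=1 filters as before, ?statusxx=1 returns the unfiltered list, and a non-integer status value is rejected before any SQL runs.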
