I am doing custom search for table. I have three search parameters: from, to and status. I have used eval() to filter result according to received parameter. Below is my code:
$search = ($from != "" || $to != "" || $status != "" );
if ($search) {
if ($from != '') {
$condition[] = '$from == $res["from_number"]';
}
if ($to != '') {
$condition[] = '$to == $res["to_number"]';
}
if ($status != '') {
$condition[] = '$status == $log["status"]';
}
$search = "if(" . implode(' && ', $condition) . '){ return false; } else { return true; }';
}
After getting the conditions I am using eval
if (eval($search)) {
}
My problem is I don't want to use eval(). It may cause security issues. Ladder if else is not possible, it would be very lengthy. Any other solution?
e.g. If i have passed value for status then i want check like
if($status == $log["status"]) {
}
if i have passed to & from number then it should be like:
if($from == $res["from_number"] && $to == $res["to_number"]) {
}
Don't use eval - it is potentially dangerous and not recommended to use.
Your code can be like this:
$result = false;
if ($from != "" || $to != "" || $status != "") {
if ($from != '' && $from != $res["from_number"]) $result = true;
if ($to != '' && $to != $res["to_number"]) $result = true;
if ($status != '' && $status != $log["status"]) $result = true;
}
if ($result) {
// ........
}
Related
$regionFilter = isset($additionalDate['region']) &&
in_array($additionalDate['region'], $this->request["insuranceCompanyRegion"]);
$cityFilter = isset($additionalDate['city']) &&
in_array($additionalDate['city'], $this->request["insuranceCompanyCity"]);
if ($isRegionFilter && $isCityFilter) {
$filterCondition = $regionFilter && $cityFilter;
} elseif ($isCityFilter) {
$filterCondition = $cityFilter;
} elseif ($isRegionFilter) {
$filterCondition = $regionFilter;
}
if ($filterCondition) {
$this->companyIds[$q->id] = $q->name;
}
I need to make this condition simpler to edit in the future, how can I make it?
if ($regionFilter || $cityFilter) {
$this->companyIds[$q->id] = $q->name;
}
You can use shorthand If / Else check this 1
so for example
if($isRegionFilter && $isCityFilter){
$filterCondition = $regionFilter && $cityFilter;
becomes
$filterCondition=($isRegionFilter && $isCityFilter) ? $regionFilter && $cityFilter;
$filterCondition=($isRegionFilter && $isCityFilter) ? $regionFilter && $cityFilter : (($isRegionFilter) ? $regionFilter : $cityFilter);
When doing php validation should I First do the filter sanitizing/validating or is it okay to do it as part of an if statement see the examples below
First Example
$vvalidation = 0;
if (isset($_POST['db9_name']) && $_POST['db9_name'] != ''){
$name = $_POST['db9_name'];
if (filter_var($name, FILTER_SANITIZE_STRING === null)){
$vvalidation++;
}
} else{
$vvalidation++;
}
Second Example
$vvalidation = 0;
if (isset($_POST['db9_name']) && $_POST['db9_name'] != ''){
$name = $_POST['db9_name'];
$vname = filter_var($name, FILTER_SANITIZE_STRING);
if ($vname === null)){
$vvalidation++;
}
} else{
$vvalidation++;
}
and for email ?
example 1
if (isset($_POST['txtemail']) && $_POST['txtemail'] !== '') {
$vEmail = strtolower(strip_tags(trim($_POST['txtemail'])));
$vEmail = str_replace(' ', '', $vEmail);
if (filter_var($vEmail, FILTER_SANITIZE_EMAIL) === null) {
$vValidation++;
} elseif (filter_var($vEmail, FILTER_VALIDATE_EMAIL) === null) {
$vValidation++;
}
} else {
$vValidation++;
}
example 2
if (isset($_POST['txtemail']) && $_POST['txtemail'] !== '') {
$vEmail = strtolower(strip_tags(trim($_POST['txtemail'])));
$vEmail = str_replace(' ', '', $vEmail);
$email = (filter_var($vEmail, FILTER_SANITIZE_EMAIL);
$email .= (filter_var($vEmail, FILTER_VALIDATE_EMAIL);
if (email === null){
$vValidation++;
} else {
$vValidation++;
}
or does it not really matter?
I have the following code:
if ($Type != "DEA" and $VA != "Allowed" and $VolSess != 1) {
$max_rows = max($CMSReg_num_rows);
if ($max_rows == 0) {
mail($to, $subject, $body);
header('Location: '.bloginfo('home_url').'/profile');
}
}
The problem I have is that that an email is sent despite the if-statement being false, and only an email is sent. The rest of the code is not executed, i.e. no redirect. And when I comment out the mail() function, it does not send the email.
And when I add this code:
if ($VA == "Allowed") {
echo "VA = " . $VA;
}
if ($VolSess == 1) {
echo "VolSess = " . $VolSess;
}
I get this output:
VA = Allowed VolSess = 1
So I know that the condition in the if statement is false.
AND has a different order of precedence compared to &&. So your expression does not evaluate as you expect it to.
("$Type" != "DEA" and $VA != "Allowed" and $VolSess != 1)
should be
(("$Type" != "DEA") and ($VA != "Allowed") and ($VolSess != 1))
or
("$Type" != "DEA" && $VA != "Allowed" && $VolSess != 1)
for it to work as you expect it. This is one of those tiny mistakes/bugs that's easy to overlook.
try do an else after...
elseif($VA == "Allowed"){}
Try using the WordPress wp_mail().
die; after header() and also add 302 as a second argument to the header() function.
Enable error reporting with ini_set('display_errors', true); error_reporting(-1); on top of your PHP code.
Tell us what you see after making these changes.
Try:
if ($Type != 'DEA' && $VA != 'Allowed' && $VolSess != 1)
{
$max_rows = max($CMSReg_num_rows);
if ($max_rows === 0)
{
mail($to, $subject, $body);
header('Location: ' . bloginfo('home_url') . '/profile');
}
}
EDIT
The above works, but so does the oringal question code... The problem is elsewhere.
<?php
$Type = 'foo';
$VA = 'Allowed';
$VolSess = 1;
if ($Type != 'DEA' and $VA != 'Allowed' and $VolSess != 1)
{
$max_rows = 0;
if ($max_rows === 0)
{
echo 'Orig True';
}
}
else
{
echo 'fine?';
}
if ($Type != 'DEA' && $VA != 'Allowed' && $VolSess != 1)
{
$max_rows = 0;
if ($max_rows === 0)
{
echo 'Second True';
}
}
else
{
echo 'fine?';
}
?>
Both print 'fine?' Implying your error is elsewhere in your code.
below is a snippet of code that I started with... then I made some changes based on the commented suggestion from stackoverflow user. (Please see below for my progress so far)
ORIGINAL
$valid = true;
// basic validation
$phoneNumber = str_replace( ' ', '', $phoneNumber );
if ( strlen( $phoneNumber ) < 10 || !is_numeric( $phoneNumber ) ) {
$valid = false;
}
$areaCode = substr($phoneNumber, 0, 3);
$prefix = substr($phoneNumber, 3, 3);
$mainPhone = substr($phoneNumber, 3, 7);
// perform the same regex matching:
if ($valid) {
$regex = '/^(?:\([2-9]\d{2}\)\ ?|[2-9]\d{2}(?:\-?|\ ?))/';
$valid = preg_match($regex, $areaCode);
}
if ($valid) {
$regex = '/^(?!\d[1]{2}|[5]{3})([2-9]\d{2})([. -]*)\d{4}$/';
$valid = preg_match($regex, $mainPhone);
}
// perform the original web validation:
if ( $valid ) {
// validate area code
if (
$areaCode == '000' ||
$areaCode == '111' ||
$areaCode == '222' ||
$areaCode == '333' ||
$areaCode == '444' ||
$areaCode == '555' ||
$areaCode == '666' ||
$areaCode == '777' ||
$areaCode == '999' ||
$areaCode == '123' || (is_string($areaCode) && !is_numeric($areaCode))) {
$valid = false;
}
}
if ( $valid ) {
// validate prefix
if ( $prefix == '123' ||
$prefix == '000' ||
$prefix == '111' ||
$prefix == '555' || (is_string($prefix) && !is_numeric($prefix))) {
$valid = false;
}
}
if ( $valid ) {
// validate main phone number
if ( $mainPhone == '2222222' ||
$mainPhone == '3333333' ||
$mainPhone == '4444444' ||
$mainPhone == '6666666' ||
$mainPhone == '7777777' ||
$mainPhone == '8888888' ||
$mainPhone == '9999999' || (is_string($phoneNumber) && !is_numeric($phoneNumber))) {
$valid = false;
}
}
return $valid;
NEW JAVASCRIPT VERSION (SO FAR)
below is a snippet of code that I am converting so far... I still have some PHP stuff in there can you guys help me out to remove/replace what this snippet needs to say to make it work?
function is_numeric(n) {
return !isNaN(parseFloat(n)) && isFinite(n);
}
function phonenumberIsValid(phonenumber)
{
var valid = true;
// basic validation
var phonetest = phonenumber.replace(' ','');
if ( strlen( phonetest ) < 10 || !is_numeric( phonetest ) ) {
valid = false;
}
var areaCode = phonetest.substr(0,3);
var prefix = phonetest.substr(3,3);
var mainPhone = phonetest.substr(3,7);
// perform the same regex matching that LeadMaster does:
if(valid){
valid = areaCode.match('/^(?:\([2-9]\d{2}\)\ ?|[2-9]\d{2}(?:\-?|\ ?))/');
}
if(valid){
valid = mainPhone.match('/^(?!\d[1]{2}|[5]{3})([2-9]\d{2})([. -]*)\d{4}$/');
}
// perform the original web validation:
if(valid){
// validate area code
if (
areaCode == '000' ||
areaCode == '111' ||
areaCode == '222' ||
areaCode == '333' ||
areaCode == '444' ||
areaCode == '555' ||
areaCode == '666' ||
areaCode == '777' ||
areaCode == '999' ||
areaCode == '123' || (!is_numeric(areaCode)) {
valid = false;
}
}
if(valid) {
// validate prefix
if ( prefix == '123' ||
prefix == '000' ||
prefix == '111' ||
prefix == '555' || (!is_numeric(prefix)) {
valid = false;
}
}
if(valid) {
// validate main phone number
if ( mainPhone == '2222222' ||
mainPhone == '3333333' ||
mainPhone == '4444444' ||
mainPhone == '6666666' ||
mainPhone == '7777777' ||
mainPhone == '8888888' ||
mainPhone == '9999999' || (!is_numeric(phoneNumber)) {
valid = false;
}
}
return valid;
}
PregMatch can be replaced with "myString".match so for instance.
if ($valid) {
$regex = '/^(?:\([2-9]\d{2}\)\ ?|[2-9]\d{2}(?:\-?|\ ?))/';
$valid = preg_match($regex, $areaCode);
}
would become
if(valid){
valid = areaCode.match('/^(?:\([2-9]\d{2}\)\ ?|[2-9]\d{2}(?:\-?|\ ?))/');
}
and
str_replace("search","replace",$myString)
becomes
myString.replace("search","replace")
In fact most of this can be worked out yourself by typing things like "str_replace javascript" into google and looking for the previous stack overflow answer :)
I know this code-bit does not conform very much to best coding practices, and was looking to improve it, any ideas?
if ($query['date_min'] != _get_date_today())
$mode_min = true;
if ($query['date_max'] != _get_date_today())
$mode_max = true;
if ($mode_max && $mode_min)
$mode = "between";
elseif ($mode_max && !$mode_min)
$mode = "max";
elseif (!$mode_max && $mode_min)
$mode = "min";
else
return;
if ($mode == "min" || $mode == "between") {
$command_min = "A";
}
if ($mode == "max" || $mode == "between") {
$command_max = "B";
}
if ($mode == "between") {
$command = $command_min . " AND " . $command_max;
} else {
if ($mode == "min")
$command = $command_min;
if ($mode == "max")
$command = $command_max;
}
echo $command;
Solution:
$mode_min = ($query['date_min'] != _get_date_today());
$mode_max = ($query['date_max'] != _get_date_today());
if ($mode_min){
$command_min = "A";
}
if ($mode_max) {
$command_max = "B";
}
if ($mode_min && $mode_max) {
$command = $command_min . " AND " . $command_max;
} else {
if ($mode_min)
$command = $command_min;
if ($mode_max)
$command = $command_max;
}
Technically your variables are undefined if the condition is not met, so I would just use:
$mod_min = ($query['date_min'] != _get_date_today());
$mod_max = ($query['date_max'] != _get_date_today());
Apart from that, why are you defining the $mode variable, do you need it somewhere else? If not, you can just use $mod_min and $mod_max in your last set of if statements.
For example:
if ($mode == "min" || $mode == "between")
seems to translate to:
if ($mod_min)
Edit: An edit of your last update:
$command_min = "A";
$command_max = "B";
if ($mode_min && $mode_max) {
$command = $command_min . " AND " . $command_max;
}
elseif ($mode_min){
$command = $command_min;
}
elseif ($mode_max) {
$command = $command_max;
} else {
return;
}