When Edit comment is pressed it sends ?edit=true to the same page. It then runs the second if statement chaning the >Edit comment< into >Save comment<. But when pressed >Save comment< it wont change back to >Edit comment<..
How can I make it change back into >edit comment< ?
The same goes for the contenteditable attribute being set to true or false. It only changes to true but won't change back to false.
Also I had no idea what to set as title so feel free to edit it lol.
kritiek.php
function is_logged_in(){
if($_SESSION["admin_logged_in"]){
return true;
} else {
return false;
}
<?php if (is_logged_in()) {
if ($_GET['edit'] === 'edit_false' || $_GET['edit'] == "") {
echo "<a href='kritiek.php?edit=edit_true'>Edit comment</a>";
}
if ($_GET['edit'] === 'edit_true') {
echo "<a href='kritiek.php?edit=edit_false'>Save comment</a>";
}
} ?>
<p <?php if($_GET['edit'] === 'edit_true'){ edit_comment(true);}
if($_GET['edit'] === 'edit_false'){ edit_comment(false); }?>
><?php echo $row['comments']; ?></p>
function edit_comment($link) {
if (is_logged_in()) {
if($link === true) {
echo "contenteditable='true'";
} else {
echo "contenteditable='false'";
}
}
}
?>
EDIT: changed
$_GET['edit'] == true
to
$_GET['edit'] === 'edit_true'
disappearing the button completely.
EDIT: fixed that by changing
if ($_GET['edit'] === 'edit_false'
to
if ($_GET['edit'] === 'edit_false' || $_GET['edit'] == "")
you're checking for a Boolean false not the string 'false' so ..
if ($_GET['edit'] == false) {
to
if ($_GET['edit'] === 'false') {
obviously change the other checks also
The better way to compare user input from the outside is to use filter_input, since all input is ultimately parsed as a string in PHP. You can't compare boolean values like that directly to a string (i.e. 'false' != false).
Instead, you could try something like this...
if (filter_input(INPUT_GET, 'edit', FILTER_VALIDATE_BOOLEAN) == false) {
/* $_GET['edit'] is false */
} elseif (filter_input(INPUT_GET, 'edit', FILTER_VALIDATE_BOOLEAN) == true) {
/* $_GET['edit'] is true */
}
This makes the comparison safer, since filter_input() will parse a string of "1", "true", "on", and "yes" as a boolean true and will parse a string of "0", "false", "off", "no", and "" - an empty string - as a boolean false. Additionally, if $_GET['edit'] is not set or null, filter_input() will still return null, still making it falsey, which is still much more expected and obvious behavior than trying to compare strings to booleans.
My prefered way of doing it is using the id of the item being edited. The lack of the edit key being false than it's a simple
isset( $_GET['edit'] )
style check that avoids all that type based stuff. And what are you editing, why this id
url?edit=1
Edit id #1 or what have you.
Related
I am building a page where GET parameters are used and i am wondering if this piece of code successfully evaluates the next conditions: $_GET["id"] must be an integrer and $_GET["status"] must be a "true" or "false".
$rawId = $_GET["id"];
$rawStatus = $_GET["status"];
$Id = filter_var($rawId, FILTER_SANITIZE_NUMBER_INT);
$Id = filter_var($Id, FILTER_VALIDATE_INT);
if (!$Id) {
die();
}
if ($rawStatus != "true" && $rawStatus != "false") {
die();
}
You can use is_int and is_bool to achieve this. Make sure you are also checking if the $_GET vars are set before you do this to avoid potential notices
$rawId = (isset($_GET["id"]) ? $_GET["id"] : null);
$rawStatus = (isset($_GET["status"]) ? $_GET["status"] : null);
if (!is_int($rawId)) {
//handle
}
if (!is_bool($rawStatus)) {
//handle
}
FILTER_SANITIZE_NUMBER_INT allows for ., + and -, which you probably don't want to include. Using FILTER_VALIDATE_INT would be fine for regular integer checks, though keep in mind that this will return false for 0. If you want your IDs to also include 0, then you'll need to explicitly check for this:
$Id = filter_var($rawId, FILTER_VALIDATE_INT) === 0 || filter_var($rawId, FILTER_VALIDATE_INT));
Assuming you want $rawStatus to be a literal string of true / false, then the way you have it covered at the moment is probably the most optimal approach, though it sounds like you're trying to make a boolean check here. In this case, you can simply check for the presence of $rawStatus, using the lack of its presence to denote a falsy value:
if ($rawStatus)
And as you mention in your comment, you will indeed want to check that both are set with isset()... but you'll also want to check that the values are not empty. This can be done with !empty().
I'd also recommend only proceeding in a know valid state, rather than calling die() in a known invalid state.
Putting this all together, you'll have something that looks like the following:
$rawId = null;
if (isset($_GET["id"]) && !empty($_GET["id"])) {
$rawId = $_GET["id"];
}
if (isset($_GET["status"]) && !empty($_GET["status"])) {
$rawStatus = $_GET["status"];
}
$Id = filter_var($rawId, FILTER_VALIDATE_INT) === 0 || filter_var($rawId, FILTER_VALIDATE_INT);
if ($Id && $rawStatus) {
// Logic
}
If you need to check the type of $rawId and $rawStatus you can do it
is_integer($rawId); // return true if $rawId is integer
is_bool($rawStatus); // return true if $rawStatus is boolean
To check if $rawId has only numbers you can do it
is_numeric($rawId)
To check if $rawStatus is bool you can see this answer
Test if string could be boolean PHP
If is needed to parse the values you can use intval() and boolval()
Here is my sample code:
$issue_id = $_POST['issue_id'];
if(!empty($issue_id)){
echo 'true';
}
else{
echo 'false';
}
If I pass 0 to $_POST['issue_id'] by form submitting then it echo false. Which I want is: Condition will be true if the following conditions are fulfilled:
1. true when I pass any value having 0.
2. false when I don't pass any value. i.e: $_POST['issue_id'] is undefined.
I also tried this:
if(!isset($issue_id)){
echo 'true';
}
else{
echo 'false';
}
if(!empty($issue_id) || $issue==0){
echo 'true';
}
else{
echo 'false';
}
The last one is okay, meaning if I pass any value having ZERO then it will echo true. But it will also echo true if I don't pass any value. Any idea?
The last is okay, meaning if I pass any value having ZERO then it echo true. But it also echo true if I don't pass any value. Any idea?
if (isset($_POST["issue_id"]) && $_POST["issue_id"] !== "") {
}
please notice I used !== not !=. this is why:
0 == "" // true
0 === "" // false
See more at http://php.net/manual/en/language.operators.comparison.php
also if you are expecting number you can use
if (isset($_POST["issue_id"]) && is_numeric($_POST["issue_id"])) {
}
since is_numeric("") returns false
http://php.net/manual/en/function.is-numeric.php
Alternatively if you expect number good option is filter_var
if (isset($_POST["issue_id"]) {
$issue_id = filter_var($_POST["issue_id"], FILTER_VALIDATE_INT);
if ($issue_id !== false) {
}
}
since filter_var("", FILTER_VALIDATE_INT) will returns false and filter_var("0", FILTER_VALIDATE_INT) will return (int) 0
http://php.net/manual/en/function.filter-var.php
if(isset($_POST['issue_id'])) {
if($_POST['issue_id'] == 0) {
echo "true";
}
else {
echo "false";
}
}
When you get data from a form, remember:
All text boxes, whether input or textarea will come as strings. That includes empty text boxes, and text boxes which contain numbers.
All selected buttons will have a value, but buttons which are not selected will not be present at all. This includes radio buttons, check boxes and actual buttons.
This means that $_POST['issue_id'] will be the string '0', which is actually truthy.
If you need it to be an integer, use something like: $issue_id=intval($_POST['issue_id']);
#Abdus Sattar Bhuiyan you can also full fill your two condition like below one:
<?php
$_POST["issue_id"] = "0";
$issue_id = isset($_POST['issue_id']) ? (!empty($_POST['issue_id']) || $_POST['issue_id'] === 0 || $_POST['issue_id'] === "0") ? true : false : false;
if($issue_id){
echo 'true';
}
else{
echo 'false';
}
i got into some trouble by using OR if one condition is true and the other false.
in my constillation right now it is always only the second condition token.
if($num_rows === '0' OR $_GET['id'] !== $_SESSION['UserID'])
{ echo "show me something"; }
else
{ show nothing; }
i get only always 'show nothing'.
Note that === is strict comparison. I think the following:
$num_rows === '0'
should rather be:
$num_rows == 0
$num_rows is presumably an integer and not a string (a piece of text).
Related: PHP == vs === on Stack Overflow
Watch out with the second comparison, too:
$_GET['id'] !== $_SESSION['UserID']
Here, it's probably better to use != in favor of !== as well. $_GET is generally read as string, so even something like ?id=5 will return as string "5" and not as integer 5
Here's a quick test to illustrate:
if (isset($_GET['id'])) {
echo '<h2>Comparison with == 5</h2>';
var_dump( ($_GET['id'] == 5) );
echo '<h2>Comparison with == "5"</h2>';
var_dump( ($_GET['id'] == "5") );
echo '<h2>Comparison with === 5</h2>';
var_dump( ($_GET['id'] === 5) );
echo '<h2>Comparison with === "5"</h2>';
var_dump( ($_GET['id'] === "5") );
}
else {
echo 'Please set an ?id to test';
}
This will output (notice the third item is false) the following with ?id=5:
Comparison with == 5
boolean true
Comparison with == "5"
boolean true
Comparison with === 5
boolean false
Comparison with === "5"
boolean true
Probably because you use absolute equality with a string.Mysli_num_rows returns an int.
http://php.net/manual/en/language.operators.comparison.php
Equal and of the same type
You dont need to use === as it is a strict comparison and $num_rows is probably an int Try this:-
if($num_rows == 0 OR $_GET['id'] != $_SESSION['UserID'])
$_GET['id'] will provide you a string. You may chech the manual for details
To be really correct, need something like this:
if ($num_rows === FALSE) {
echo 'db resource/link gone';
}
elseif ($num_rows === 0 || intval($_GET['id']) !== intval($_SESSION['UserID'])) {
echo 'no db result or id mismatch';
}
elseif (intval($num_rows) > 0 && intval($_GET['id']) === intval($_SESSION['UserID'])) {
echo 'everything good';
}
else {
echo 'something unhandled went wrong';
}
thanks for all the answers. i got it to work. i change the order and the opreator to what you've suggested.
i made it like this:
if($num_rows > 0 OR $_GET['id'] == $_SESSION['UserID']) { echo "show nothing"; }
else { show me some stuff }
so thanks again for all the help. :)
Need to capture two variables via POST.
If they are different integers, save $mensalidade = 4 and a integer and any other state save $mensalidade=8.
I try this but dont work..
if (is_int($_POST['linha_ida']) != is_int($_POST['linha_volta'])) {
$mensalidade= $_POST['mensalidade']=4;
} else {
$mensalidade= $_POST['mensalidade']=8;
}
Broke a little more head and now it's perfect!
Thanks to all
The code looked like this
if($linha_ida === $linha_volta || preg_match( '/[A-Z]/' , $linha_volta )|| preg_match( '/[A-Z]/' , $linha_ida )){
$mensalidade= $_POST['mensalidade']=8;
} else{
$mensalidade= $_POST['mensalidade']=4;
}
Just use the (int) parser to convert the string to an integer.
if ((int)$_POST['linha_ida']) != (int)($_POST['linha_volta']) && is_int($_POST['linha_ida']) && is_int($_POST['linha_volta']) {
$mensalidade= $_POST['mensalidade']=4;
} else {
$mensalidade= $_POST['mensalidade']=8;
}
Taken from the Question comments from caCtus
caCtus:
is_int() returns true or false if the parameter is an integer or not. If you compare is_int($iamaninteger) to is_int($iamanintegertoo), you compare true and true, not your variables' values.
if (is_int($_POST['linha_ida']) && is_int($_POST['linha_volta']) && $_POST['linha_volta'] != $_POST['linha_ida']) {
$mensalidade= $_POST['mensalidade']=4;
} else {
$mensalidade= $_POST['mensalidade']=8;
}
I have created two links where I would like the page contents to change. The problem is the URL changes but not the page content.
<h3>Filter Results</h3>
<p><a href="index.php?filter='Action'>Action</a></p>
<p>Comedy</p>
if (isset($_GET['filter']) == 'Action') {
echo 'Action';
}
else if (isset($_GET['filter']) =='Comedy') {
echo 'Comedy';
}
It always outputs the first link information "Action".
Your links are faulty:
<p>Action</p>
<p>Comedy</p>
<!-- ^ ^ No single quotes (' ') -->
Yogesh Suthar pointed it out first
Also, isset() will return a boolean (true or false; based on whether or not the variable is set). You're comparing a boolean to a string, a string will always be converted into TRUE (unless the string is "false" or similar), so basically, if the variable is set, the first condition will always match.
You want
if (isset($_GET["filter"]) && $_GET["filter"] === "Action")
Note the use of ===, this will make sure that the variable is exactly what you think it is, and not some sort of other type variable.
Few more points (Shamelessly stolen taken from other answers)
If there are multiple possible filters, check for the variable existance once, and use a switch/case block to determine which of them it is:
if(isset($_GET['filter'])) {
switch($_GET['filter']) {
case 'Action':
echo 'Action';
break;
case 'Comedy':
echo 'Comedy';
break;
}
}
The function isset will only check if the variable is existing! It will not return its value! Try this instead:
<h3>Filter Results</h3>
<p>Action</p>
<p>Comedy</p>
if(isset($_GET['filter']) && $_GET['filter'] == 'Action'){
echo 'Action';
}
else if(isset($_GET['filter']) && $_GET['filter'] == 'Comedy') {
echo 'Comedy';
}
Also, using switch might make things easier in the future:
<h3>Filter Results</h3>
<p>Action</p>
<p>Comedy</p>
if(isset($_GET['filter'])) {
switch($_GET['filter']) {
case 'Action':
echo 'Action';
break;
case 'Comedy':
echo 'Comedy';
break;
}
}
As #MadaraUchiha said about isset and,
if(isset($_GET['filter']) == 'Action')
should be
if(isset($_GET['filter']) && $_GET['filter'] == 'Action')
Also
<a href="index.php?filter='Action'>Action</a>
^ ^ ^ // here you started " but not ended and remove the single quotes around Action
should be
Action
Make sure that you insert an opening and a closing php tag: <?php and ?> To simplify it a bit you could just echo the value you get via $_GET
<h3>Filter Results</h3>
<p><a href="index.php?filter='Action'>Action</a></p>
<p><a href="index.php?filter='Comedy'>Comedy</a></p>
<?php
if(isset($_GET['filter'])){
echo $_GET['filter'];
}
?>
The function isset will return true or false (it checks whether the variable is set or not). Change your code:
if(isset($_GET['filter']) && $_GET['filter'] == 'Action') {
Your if condition is not correct do it:
if(isset($_GET['filter']) && $_GET['filter'] == 'Action'){
echo 'Action';
}
Similarly with else if:
else if(isset($_GET['filter']) && $_GET['filter'] =='Comedy') {
As you are comparing the isset($_GET['filter']) with the value although isset returns true of false so you need to compare the value of $_GET['filter'].
you dont have to use isset() and then compare.
$filter = $_GET['filter'];
if(isset($filter)){
if($filter == 'Action'){
echo 'Action';
}else if($filter == 'Comedy'){
echo 'Comedy';
}
}
isset returns true and since 'Action' is not null, it evaluates to true.
if ((isset($_GET['filter'])) && ($_GET['filter'] == 'Action')) {
// ...
} else if ((isset($_GET['filter'])) && ($_GET['filter'] == 'Comedy')) {
// ...
}
BTW such code would sooner or later become a nightmare to maintain.
You could instead, for example
function preventDirectoryTraversal($requestParam) {
return preg_replace("/\//", "", $requestParam);
}
// ...
if (isset($_GET['filter'])) {
$filterName = preventDirectoryTraversal($_GET['filter']);
include(FILTERS_DIR . "/" . $filterName . ".php");
}
or something alike. Of course this can be further improved, but I hope you get the point.
Wrong use of isset, check documentation, return a boolean.
if (isset($_GET['filter']))
{
switch ($_GET['filter'])
{
case 'Action':
//TODO
break;
case 'Comedy':
// TODO
break;
default:
// TODO
break;
}
}
//isset will always return true or false
if(isset($_GET['filter'])){
if($_GET['filter']=='Action')
{
echo 'Action';
}elseif($_GET['filter']=='Comedy'){
echo 'Comedy';
}
}