hi I am trying to see if i can reverse this if statement so that I can have an if condition which lists results only if the user session is not the user id.
I'm brand new to mysql and php and would really appreciate if someone could show me what i need to do
here's the if statement I'm trying reverse so if $user['id'] is not $_SESSION['user_id']
if ($user['id'] == $_SESSION['user_id']){
I've tried this: (doesn't work and brings up a syntax error)
if (!isset($user['id'] == $_SESSION['user_id'])){
This is fairly simple and actually basic PHP stuff:
if ($user['id'] != $_SESSION['user_id'] )
In addition to Sturb's answer you can also reverse the variables:
if($_SESSION['user_id'] != $user['id'])
Just check using if condition
if(!$user['id']==$_SESSION['user_id'])
Related
I'm currently working through a large number of warnings I have logged after my server was updated to PHP 8.
One particular point that has me scratching my head is the following code block
if (!$option['type'] || $option['type'] == "select") {
$output .= '<b>'.$option['title'].':</b>';
}
I know that I can use isset($option['type']) like this
isset($option['type']) && $option['type'] == "select"
but confused how that would work for
!$option['type']
How can you be checking if isset, but also it being NOT. If it's NOT, then surely it isn't set anyway?
The test for "may not exist or may be falsey" is:
if (empty($option['type']))
I'm trying to create a user registration script for my website, and although my current code works, I'm wondering if the syntax is correct, and if there are modifications that I need to make to increase security and avoid mistakes.
My registration form has multiple fields, some of which cannot be null (ex. email and password), and some of which can be null (ex. birthdate). Each field has jquery / client-side validation, and the form cannot be submitted until the required fields are set. After checking if the registration form has been submitted, I'm saving up the information in different variables as follows:
$email=isset($_POST['email']) ? $database->escape($_POST['email']) : "";
$birthdate=isset($_POST['birthdate']) ? $database->escape($_POST['birthdate']) : "";
I know I need to escape the information before saving, which is what the escape function does in this case, but other than that, I'm wondering if my approach/logic is wrong?
Should I be checking both isset and empty for each field, or should I have a different approach for fields that can be null and those that can't?. Ex:
$email=isset($_POST['email'])&&!empty($_POST['email']) ? $database->escape($_POST['email']) : "";
Or is checking for !empty enough in such case?
$email=!empty($_POST['email']) ? $database->escape($_POST['email']) : "";
Before the sql insertion I'm checking if(empty($email)) in which case the registration doesn't go through, so I'm confused as to if I do need both the isset and empty checks when first retrieving the information and saving it to variables.
Thanks for any help/advice you can give me on this topic. I graduated 2 years ago and have mostly worked on frontend web design, I learned php and mysql in school during my last two years, but nowhere in my notes or practice files do I see a mention of isset to check if a value is received, they all save the post or get straight to the variable, and there was no mention of mysqli or pdo, just mysql which I know has been deprecated (and apparently there were warnings of this happening before they even thought me about it). Looks like my teachers were behind on this practices, I've learned so much about php and mysqli in the last few days only while working on this project, I'm still confused by a lot of things although I think I'm getting the hang of it.
You must only use empty() for mandatory fields then escape all fields. Don't forget to hash passwords!
If you use isset and you create registration:
<?php
$login = $_POST['login'];
$pass = $_POST['pass'];
$pass2 = $_POST['pass2'];
$age = $_POST['age'];
if(isset($login)){
if(!empty($login) AND !empty($pass) AND !empty($pass2) AND !empty($age) AND $pass == $pass2){
// Check lenght of variables...
// AND Check login in base (1 login == 1 account) :D
} else {
echo "Please check empty variables!";
}
}
?>
Good Luck!
I'm trying to display items a specific way...
First I want to check if $MYCAR_model exists (this is a session value). If not, do nothing.
Next I want to make sure that the URL variable cat is set to either 1 or 2. If not, also do nothing.
The URL would look like this...
http://www.mysite.com/?cat=1
My failed code...
if (isset($MYCAR_model) && ($cat=='1' || $cat=='2')) {
// show stuff
}
Thank you for any help you can provide.
Maybe
if (isset($_SESSION["MYCAR_model"]) ...
You can also use $_REQUEST["cat"] instead of $_GET["cat"] so that you don't need to worry about the parameter being passed via GET/POST/COOKIES.
if (isset($_SESSION['MYCAR_model']) && ($_GET['cat'] =='1' || $_GET['cat'] =='2')) {
// show stuff
}
I hope this is simple. I am working on a site where a user can register directly with the site or sign in with Facebook etc. What I want to know is how to handle the session data at the top of the script?
Here is what I have:
if ($_SESSION['loggedin'] == 'true') {
}
I have tried:
if ($_SESSION['loggedin'] == 'true')|| if $user{
But this is throwing out an error: unexpected T_BOOLEAN_OR
Is this even the right way of doing this kind of session work? Or should I be approaching this differently? Has anybody else done this that they would be willing to share?
Thanks,
Lewis
The proper syntax is NOT
if ($_SESSION['loggedin'] == 'true')|| if $user{...}
it is...
if ($_SESSION['loggedin'] == 'true' || $condition2==true){...}
All of your conditions in their logical order must be contained in the if's parantheses. Since if statements always check for true, so this can be simplified like so
if ($_SESSION['loggedin'] || $condition2){...}
That's basic PHP syntax:
if (($_SESSION['loggedin'] == 'true') || ($user whatever....)) {
...
}
i am new to PHP so don't know how this would turn out. Lets say i have a add friend page. And in the database lets say i have a table called "friends" and the following rows: my_id and friend_id and id_request.
And now i have a php page that will look something like: addfriend.php?id=friendid
And then i use the id from that link to insert in to the database my id and that friendid.
The question is what will happen if someone enters "kdjfkldjlfk" in the link in the address bar?
you need to prevent those cases and validate
ex:
test that the $_GET['id'] isset and that the friendid is real , you could query the database to see that the id exists ...
If you mean "What will happen if someone visits the URI for an id that does not exist?", then it depends on what your PHP says should happen.
If your PHP doesn't check how many results it got from its SQL query, then it is quite possible that the page will spit out a 500 Internal Server Error.
If you've designed it properly, then it would return a document that explains that you cannot add a user that does not exist as a friend.
Actually, if you've designed it properly then the data should be sent via POST not GET since adding a friend is not an idempotent event. (See the HTTP specification — GET should be free of side effects)
You need to validate your user input. First, cast the $_GET value to an int type, and if it's equal to 0, tell them they've mistyped it.
$var = (int)$_GET['id'];
if($var == 0)
{
// Error
}
else
{
// The rest of your code
}
It turns out that PHP has some pretty cool filter functionality built-in. You should learn them and use them:
if (filter_var($_GET['id'], FILTER_VALIDATE_INT) === false) {
// error
}
if (filter_var($_GET['email'], FILTER_VALIDATE_EMAIL) === false) {
// error
}
if (filter_var($_GET['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
// error
}
http://us.php.net/manual/en/function.filter-var.php