This may be the way my server is set up, but I'm banging my head against the wall. I'm trying to say that if $action has no value or has a value that is not "add" or "delete" then have an error, else keep running the script. However, I get an error no matter what $action is.
$action = $_GET['a'];
if((!isset($action)) || ($action != "add" || $action != "delete")){
//header("location:index.php");
echo "error <br>";
}
$action is being set properly and if run something like if($action =="add") it works. This is on my local host, so it could be a settings issue.
Your logic is slightly off. The second || should be &&:
if ((!isset($action)) || ($action != "add" && $action != "delete"))
You can see why your original line fails by trying out a sample value. Let's say $action is "delete". Here's how the condition reduces down step by step:
// $action == "delete"
if ((!isset($action)) || ($action != "add" || $action != "delete"))
if ((!true) || ($action != "add" || $action != "delete"))
if (false || ($action != "add" || $action != "delete"))
if ($action != "add" || $action != "delete")
if (true || $action != "delete")
if (true || false)
if (true)
Oops! The condition just succeeded and printed "error", but it was supposed to fail. In fact, if you think about it, no matter what the value of $action is, one of the two != tests will return true. Switch the || to && and then the second to last line becomes if (true && false), which properly reduces to if (false).
There is a way to use || and have the test work, by the way. You have to negate everything else using De Morgan's law, i.e.:
if ((!isset($action)) || !($action == "add" || $action == "delete"))
You can read that in English as "if action is not (either add or remove), then".
No matter what $action is, it will always either not be "add" OR not be "delete", which is why the if condition always passes. What you want is to use && instead of ||:
(!isset($action)) || ($action !="add" && $action !="delete"))
You're saying "if it's not set or it's different from add or it's different from delete". You realize that a != x && a != y, with x != y is necessarily false since a cannot be simultaneously two different values.
You could also try:
if ((!isset($action)) || !($action == "add" || $action == "delete")) {
// Do your stuff
}
For future reference, you can quickly create a truth table to check if it evaluates the way you want... it's kind of like Sudoku.
(!isset($action)) && ($action != "add" && $action != "delete"))
Example:
column 1 is issetaction, column 2 and 3 evaluates !="add","delete" respectively
if($a=add) T && (F && T) => T && F => FALSE
if($a=delete) T && (T && F) => T && F => FALSE
if($a=nothing) T && (T && T) => T && T => TRUE
I think this is the best and easiest way to do it:
if (!(isset($action) && ($action == "add" || $action == "delete")))
Not an answer, but just for the sake of code formatting
if((isset($_GET['a'])) $action=$_GET['a']; else $action ="";
if(!($action === "add" OR $action === "delete")){
header("location: /index.php");
exit;
}
Note the exit; statement after header(). That's the important thing. header() does not terminate script execution.
Related
I'm trying to make routing system.
What I want to do:
Url: http://localhost/wiki.php?post_id=1 invoke second if
Url's: http://localhost/wiki.php?post_id=1&action=upvote
http://localhost/wiki.php?post_id=1&action=downvote invoke first if
This is routing system:
if(isset($_GET['post_id']) & ((isset($_GET['action']) ? $_GET['action'] : null) == "upvote" || "downvote")){
//Do stuff
}else if(isset($_GET['post_id'])){
//Do stuff
}
Problem:
Url's: http://localhost/wiki.php?post_id=1&action=upvote http://localhost/wiki.php?post_id=1&action=downvote work like they are supposed to.
But url: http://localhost/wiki.php?post_id=1 invokes first not second if too...
Notice: Undefined index: action in D:\xampp\htdocs\controllers\WikiController.php on line 18
Line 18: $rate = $_GET['action']; it's inside in first if.
While testing I figured out that if I change if(isset($_GET['post_id']) & ((isset($_GET['action']) ? $_GET['action'] : null) == "upvote" || "downvote")){
too
if(isset($_GET['post_id']) & ((isset($_GET['action']) ? $_GET['action'] : null) == "upvote")){
or
if(isset($_GET['post_id']) & ((isset($_GET['action']) ? $_GET['action'] : null) == "downvote")){
It works fine. But I want to learn how to do this right, not just simply made 2 different routers.
this part (exp) == "upvote" || "downvote" does not work like you suppose it does. It only tests if exp is equal to "upvote", the second part "downvote" is understood as a boolean which is true, so you stay in the first part of the alternative..
try with
if(isset($_GET['post_id']) && (($exp = (isset($_GET['action']) ? $_GET['action'] : null)) == "upvote" || $exp == "downvote")){
For clarification, a single (ampersand) & is "bitwise":
http://php.net/manual/en/language.operators.bitwise.php
Therefore, you need to change your & to &&.
From the manual:
$a & $b And Bits that are set in both $a and $b are set.
What you're after is the logical && operator:
http://php.net/manual/en/language.operators.logical.php
$a && $b And TRUE if both $a and $b are TRUE.
|| "downvote" will always return true since you're not comparing it to anything. You have to add (isset($_GET['action']) ? $_GET['action'] : null) == in front of that string too.
So your statement would be:
if(isset($_GET['post_id']) && ((isset($_GET['action']) ? $_GET['action'] : null) == "upvote" || (isset($_GET['action']) ? $_GET['action'] : null) == "downvote")){
//Do stuff
}else if(isset($_GET['post_id'])){
//Do stuff
}
$routes = [
'upvote','downvote'
];
if(isset($_GET['post_id']) && isset($_GET['action']) && in_array($_GET['action'],$routes)){
echo 'running if';
}else if(isset($_GET['post_id'])){
echo 'running else if';
}
You are missing && was the problem, i just change this for dynamic route if you need to change in future!
I have been making stuff in PHP for a while, everything is always fine. But today I don't get this statement. Why is it always true?
if ($action != 1 || $action != 2) echo true; // TRUE for 0, 1, 2, 3
But the reverse logic
if ($action == 1 || $action == 2) echo true; // FALSE for 0, 3 TRUE for 1, 2
The first expression blows my mind. I guess I don't understand something very very basic, not in PHP but in the Universe, so I don't get it here. I thought that if (FALSE || TRUE) == FALSE, but it isn't a case for second example. It works as expected.
So, where is the answer how to say that: "If the variable is not 1 OR 2 - echo true". I don't understand why my if ($var != 1 OR $var != 2) echo true; doesn't work as I expect.
Negation of ($action != 1 || $action != 2) is ($action == 1 && $action == 2). You can see for yourself that the latter is always false because variable can not be both 1 and 2 at the same time. Therefore the original condition is bound to be always true.
It is working as it has to work. See the doc http://php.net/manual/en/language.operators.logical.php
$a || $b returns TRUE if either $a or $b is TRUE.
If you try like this, hope it will make sense, see the comment on every line
$action = 0;
var_dump($action != 1 || $action != 2); //here (true || true)
$action = 1;
var_dump($action != 1 || $action != 2); //here (false || true)
$action = 2;
var_dump($action != 1 || $action != 2); //here (true || false)
$action = 3;
var_dump($action != 1 || $action != 2); //here (true || true)
Condition OR will search for first TRUE result, your code will give TRUE all the time as any value will be even not 1 or 2.
From you example if $action = 1 then the condition $action != 2 will give true, also if $action = 2 then $action != 1 will give TRUE.
For (If the variable is not 1 OR 2 - echo true) use this:
if(!in_array($action, array(1,2)) echo "true";
EDIT:
You can also check it like this:
if(!($action == 1 || $action == 2)) echo "true";
if ($action == 2 || $action == 1) echo true; // FALSE for 0, 3 TRUE for 1, 2
Works as intended. Its basically "echo true if $action is either 1 or 2".
I have a problem with a form check that use an if statement with multiple 'and' and 'or' operators. This check return me an anomalous occasionally false value.
public function insert_checkForm($form) {
$form = array_filter($form);
if (
!isset($form['report_id']) ||
!isset($form['date']) ||
!isset($form['technical_id']) ||
isset($form['travel_go_from']) != isset($form['travel_go_to']) ||
isset($form['work_go_from']) != isset($form['work_go_to']) ||
!isset($form['travel_go_from']) &&
!isset($form['travel_go_to']) &&
!isset($form['work_go_from']) &&
!isset($form['work_go_to'])
) {
return false;
} else {
return $form;
}
}
Last question, the above code changes compared to this (in spite of the priorities of and operators)?
[...]
!isset($form['report_id']) ||
!isset($form['date']) ||
!isset($form['technical_id']) ||
(isset($form['travel_go_from']) != isset($form['travel_go_to'])) ||
(isset($form['work_go_from']) != isset($form['work_go_to'])) ||
(!isset($form['travel_go_from']) && !isset($form['travel_go_to']) && !isset($form['work_go_from']) && !isset($form['work_go_to']))
[...]
Thanks =)
The most common problem with isset() is that it returns false when the item is NOT SET but also returns false if the item IS SET && IS NULL.
isset($arr['nonexisting']); //this returns: false
$arr['existing'] = null;
isset($arr['existing']); //this returns: false
This is code for Delete link:
<a href="picture_manager.php?do=delete&id=<?php print $picturedata['id']; ?>" >Delete</a>
This is my current database syntax:
if (array_key_exists('do', $_GET) && $_GET['do'] == "delete" && array_key_exists('id', $_GET))
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
With code above, other user can delete others user picture like = picture_manager.php?do=delete&id=(victim).
Now I found solution to prevent abuse by other user, I change the old syntax as below:
This is my new database syntax:
if (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false)
{
header('Location: picture_manager.php');
}
else
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
Sadly, it did not work "The page isn't redirecting properly - said firefox browser"
Looking for expert right now.
I found solution in below answer.
NOW EDIT:
Its difficult to me when I coded as below:
if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
{
header('Location: picture_manager.php');
}
else
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
The file doesn't delete when I click i.e picture_manager.php?do=delete&id=6125
Whats wrong with my code?
infinite redirect, !array_key_exists('id', $_GET) will proceed always. you need add ?do=delete to validation, like
<?php if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
Why this condition passes even if I change the $_GET variable?
I've this code
elseif(isset($_GET['results']) && $_GET['results'] == 'reorder' &&
isset($_GET['sort_column']) && $_GET['sort_column'] != '' && isset($_GET['sort_order'])
&& $_GET['sort_order'] != '' && $_GET['sort_order'] == 'asc'
|| $_GET['sort_order'] == 'desc') { /*rest goes here*/ } else {redirect}
Link returns like this
http://localhost/system/results.php?script_id=2&results=reorder&sort_column=supplier_address&sort_order=desc
But when I change this sort_column=supplier_address to say for example sorcodsalumn=supplier_address it doesn't redirect, instead goes ahead, any idea why? But if I simply remove few letters and dont replace with something else it does redirect...
How come if am using this isset($_GET['sort_column'] and am modifying sort_column to something else still passes this condition
Basic PHP operator precedence... && evaluates before ||, so your entire statement boils down to:
(x && y && z && ....) || ($_GET['sort_order'] == 'desc')
You need to simplify that if(), add some () to enforce your own evaluation order, and then things should start working a bit better.
your AND's and OR's need to be bracketed properly.
else if (isset($_GET['results']) &&
$_GET['results'] == 'reorder' &&
isset($_GET['sort_column']) &&
$_GET['sort_column'] != '' &&
isset($_GET['sort_order']) &&
$_GET['sort_order'] != '' &&
($_GET['sort_order'] == 'asc' || $_GET['sort_order'] == 'desc'))
{
/*rest goes here*/
} else {
redirect
}
More specifically your last || needs its own brackets, as shown above.
You need to put a bracket around your || (OR) statement like this:
elseif(isset($_GET['results']) && $_GET['results'] == 'reorder' &&
isset($_GET['sort_column']) && $_GET['sort_column'] != '' && isset($_GET['sort_order'])
&& $_GET['sort_order'] != '' && ($_GET['sort_order'] == 'asc'
|| $_GET['sort_order'] == 'desc')) { /*rest goes here*/ } else {redirect}
Otherwise your statement will return true anytime sort_order is set to 'desc'.