Jump to content

[SOLVED] if block with an else problem.

samtwilliams

By samtwilliams
in PHP Coding Help

 Share

Recommended Posts

samtwilliams Member

samtwilliams

Posted
Posted

Evening All,

 

I want to add an else statement to my if block 'TEST FOR BLANKS IF BLOCK' within the foreach. As if there arnt any blanks i want to perform another function.

 

    if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {	// TOKEN CHECK

		foreach($_POST as $allvalues) { 					// FOREACH BLOCK
		if($allvalues == "") { 								// TEST FOR BLANKS IF BLOCK
		$warning = 'Error: One or more of the fields are blank';
				}											// TEST FOR BLANKS IF BLOCK
		}													// FOREACH BLOCK
} else {
$warning = 'Warning: You have either tried to re-submit your last form entry or this is a CSRF attack. This has been logged!';
}																			// TOKEN CHECK
}

 

Hope someone can help.

 

Sam

Link to comment
Share on other sites
samtwilliams Member

samtwilliams

Posted
  • Author
Posted

I under stand the if statement but when i code it like this, it still executes the 'done' even if some of the post fields are blank.

 

    if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {	// TOKEN CHECK

		foreach($_POST as $allvalues) { 					// FOREACH BLOCK
		if($allvalues == "") { 								// TEST FOR BLANKS IF BLOCK
		$warning = 'Error: One or more of the fields are blank';
		} else {
		$warning = "done"; //SCRIPT CONTINUES
				}											// TEST FOR BLANKS IF BLOCK
		}													// FOREACH BLOCK
} else {
$warning = 'Warning: You have either tried to re-submit your last form entry or this is a CSRF attack. This has been logged!';
}																			// TOKEN CHECK
} 																// ISSET BLOCK

 

Do i have to break the foreach?

Link to comment
Share on other sites
vineld Member

vineld

Posted
Posted

Yeah, either break or set some variable. The latter is generally a better idea. What you do now is go through this process for each item in the array which means it simply produces the message that corresponds to the last value. Try to follow the logic of your code.

 

Also, it might be a good idea not to print that last error message. Just say "Something went wrong." or something like that. It might confuse at least one attacker.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.