mark103 Posted March 8, 2012 Share Posted March 8, 2012 Hi guys, I need your help, I have got a problem with the if statement. When I don't insert the pass function in the url like this: http://www.mysite.com/myscript.php?image=myimagelocation&strings=mystrings&user=test I will get this on my php page: PASSWORD are missing <?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'mydbusername'); define('DB_PASSWORD', 'mydbpass'); define('DB_DATABASE', 'mydbname'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($var){ return mysql_real_escape_string(strip_tags($var)); } $image = clean($_GET['image']); $strings = clean($_GET['strings']); $username = clean($_GET['user']); $pass = clean($_GET['pass']); if($username == '' && $pass) { $errmsg_arr[] = 'username are missing'; $errflag = true; }elseif($username && $pass =='') { $errmsg_arr[] = 'PASSWORD are missing'; $errflag = true; } if($username == '' && $pass == '') { $errmsg_arr[] = 'username or password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; echo implode('<br />',$errmsg_arr); } else { $insert = array(); if(isset($_GET['image'])) { $insert[] = 'image = \'' . clean($_GET['image']) . '\''; } if(isset($_GET['strings'])) { $insert[] = 'strings = \'' . clean($_GET['strings']) . '\''; } if(isset($_GET['user'])) { $insert[] = 'user = \'' . clean($_GET['user']) .'\''; } if(isset($_GET['pass'])) { $insert[] = 'pass = \'' . clean($_GET['pass']) . '\''; } if (count($insert)>0) { $names = implode(',',$insert); $required_fields = array('image', 'strings', 'user'); if($image && $strings && $username) { echo "working 1"; } elseif($username && $pass) { echo "working 2"; } } } ?> Do anyone know how to fix this? Quote Link to comment https://forums.phpfreaks.com/topic/258540-cannot-get-pass-on-the-if-variable/ Share on other sites More sharing options...
ReeceSayer Posted March 8, 2012 Share Posted March 8, 2012 The else if statement is checking if your password is set from the GET in the URL. If you don't pass it in the URL it will throw that error. If you don't want people to see the password in the URL you could use POST instead. If you want to get rid of it remove the elseif or set the $errflag variable to false. Probably defies the point though. Not sure exactly what you're trying to accomplish, sorry if i've misunderstood. Quote Link to comment https://forums.phpfreaks.com/topic/258540-cannot-get-pass-on-the-if-variable/#findComment-1325294 Share on other sites More sharing options...
Eiolon Posted March 8, 2012 Share Posted March 8, 2012 That's because your password IS missing. You are trying to GET $pass. But $pass is not being passed through your URL. Why not authenticate the user separately, set a session, then do what you want with the remainder of the script? Quote Link to comment https://forums.phpfreaks.com/topic/258540-cannot-get-pass-on-the-if-variable/#findComment-1325295 Share on other sites More sharing options...
mark103 Posted March 8, 2012 Author Share Posted March 8, 2012 The else if statement is checking if your password is set from the GET in the URL. If you don't pass it in the URL it will throw that error. If you don't want people to see the password in the URL you could use POST instead. If you want to get rid of it remove the elseif or set the $errflag variable to false. Probably defies the point though. Not sure exactly what you're trying to accomplish, sorry if i've misunderstood. Thanks for your suggest. I need to keep the else if statement because if the clients insert the empty array of the user or pass then I want to throw that error. What I want to do is to get checking if the user and password is set from the GET in the URL whether if they are empty then throw the error. The same things that it goes for the image, strings and the user. Here's an example: if the clients insert the user and pass in the URL, i want to get them checking whether if they are empty or not then throw the error that says "username or password are missing". if the clients insert the image, strings and user in the URL without the pass, i want to get them checking whether if they are empty or not then throw the error that says "image, strings or username are missing". I hope you get this. Quote Link to comment https://forums.phpfreaks.com/topic/258540-cannot-get-pass-on-the-if-variable/#findComment-1325298 Share on other sites More sharing options...
ReeceSayer Posted March 8, 2012 Share Posted March 8, 2012 Yeah i understand a little better now thanks. Only one way i can think of doing it at the minute. Possibly wrap those if statements in another to check that both the user and pass GET variables are set before going into that verification. Like this: <?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'mydbusername'); define('DB_PASSWORD', 'mydbpass'); define('DB_DATABASE', 'mydbname'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($var){ return mysql_real_escape_string(strip_tags($var)); } $image = clean($_GET['image']); $strings = clean($_GET['strings']); $username = clean($_GET['user']); $pass = clean($_GET['pass']); if (isset($_GET['user'])) && (isset($_GET['pass'])) { if($username == '' && $pass) { $errmsg_arr[] = 'username are missing'; $errflag = true; }elseif($username && $pass =='') { $errmsg_arr[] = 'PASSWORD are missing'; $errflag = true; } if($username == '' && $pass == '') { $errmsg_arr[] = 'username or password missing'; $errflag = true; } } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; echo implode('<br />',$errmsg_arr); } else { $insert = array(); if(isset($_GET['image'])) { $insert[] = 'image = \'' . clean($_GET['image']) . '\''; } if(isset($_GET['strings'])) { $insert[] = 'strings = \'' . clean($_GET['strings']) . '\''; } if(isset($_GET['user'])) { $insert[] = 'user = \'' . clean($_GET['user']) .'\''; } if(isset($_GET['pass'])) { $insert[] = 'pass = \'' . clean($_GET['pass']) . '\''; } if (count($insert)>0) { $names = implode(',',$insert); $required_fields = array('image', 'strings', 'user'); if($image && $strings && $username) { echo "working 1"; } elseif($username && $pass) { echo "working 2"; } } } Not sure if it's good practice to do it that way but i'm still learning Quote Link to comment https://forums.phpfreaks.com/topic/258540-cannot-get-pass-on-the-if-variable/#findComment-1325300 Share on other sites More sharing options...
mark103 Posted March 8, 2012 Author Share Posted March 8, 2012 Thank you very much for your help ReeceSayer. I can see the problem is solved now thanks Quote Link to comment https://forums.phpfreaks.com/topic/258540-cannot-get-pass-on-the-if-variable/#findComment-1325328 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.