Jump to content

ifelse statement syntax


turpentyne
 Share

Recommended Posts

Simple one, I think. I just want to know if this is how I would do this code. on page one a javascript toggles between two divs depending on the option made in a select box. Div one is a radio button valued "dc resident" and the other is a text box where they enter some text. Then on page two, whichever one is entered becomes the variable to insert to my database.

 


if (isset($_POST['how1']){$how1 = mysql_escape_string($_POST['how1']);}
elseif  (isset($_POST['resident']){$how1 = mysql_escape_string($_POST['resident']); };

 

I think it's right, but something in my gut tells me its not, or that maybe there's a simpler way to do this?

Link to comment
Share on other sites

That seems okay. You may want to check that the values aren't empty either.

 

Keep in mind, a tricky user may submit both. In your case, it will just default to $_POST['how1']. This may be something you want to check for though, as a user may accidentally submit both values as well, and if they were expecting the second one to go through, things wouldn't process as they expect.

 

Link to comment
Share on other sites

If you are just hiding and displaying these inputs, then they both will come through the request...

 

So basically to be safe, you'd want a hidden input that is javascript toggled named residentTrue, if you are to do it this way..

 

there could be other ways to do this, however, if you don't have a certain value telling you which was used, technically speaking there could be an instance where both fields are filled out, and then, you can't use this to dependably rely on..

 

so I mean, with alot more thinking I'm sure you could figure it out, but I'd advise on a simple hidden flag which is true or false, that you can use that to compare :)

Link to comment
Share on other sites

Normaly I'd say you don't need a mysql_real_escape_string on a radiobutton input, but as your using JS you're as well keeping it in.

 

Bad advice. PHP has no idea which type of element submits any given value. A malicious user could easily rig their own form containing a text field with the same name as the radio button.

 

ALWAYS SANITIZE DATA COMING FROM OUTSIDE OF YOUR SCRIPT

Link to comment
Share on other sites

I've gotten to this, if I did it right. (changed to session instead of regular variable) I'm confused on one thing though. I was worried about what Russelreal said, but not sure how to take only one in the php code below? Or does it essentially take just one?

 

if ((isset($_POST['how1'])) && (!empty($_POST['how1'])) ){$_SESSION['s_how1'] = mysql_escape_string($_POST['how1']);}
elseif  ((isset($_POST['resident'])  && (!empty($_POST['resident'])) ){$_SESSION['s_how1'] = mysql_escape_string($_POST['resident']); }
 else {$_SESSION['s_how1'] = "0"}

 

EDIT: correction, I wasn't reading what  Russelreal said right. But don't want to edit the above, since people have probably read it by now.

Link to comment
Share on other sites

Wait.. could I do it like this, on the server side? Doing what Russelreal said, but using the original select field, $_POST['hear'] , value to make sure I only take one, in case both options were actually picked?

 

Maybe I'm just getting myself confused or overkilling the script?

 

if ((isset($_POST['how1'])) && (!empty($_POST['how1'])) && (($_POST['hear']) == "dcranch") ){$_SESSION['s_how1'] = mysql_escape_string($_POST['how1']);}
elseif  ((isset($_POST['resident'])  && (!empty($_POST['resident'])) && (($_POST['hear']) !== "dcranch") ){$_SESSION['s_how1'] = mysql_escape_string($_POST['resident']); }
 else {$_SESSION['s_how1'] = "0"};

Link to comment
Share on other sites

Here's a working example of why what you're doing is wrong, and a possible solution to your problem.

 

There are many alternate ways to do that same thing though, I picked one of the more simple ones

 

<script type="text/javascript">
function toggleElements() {
	var div1 = document.getElementById('div1');
	var div2 = document.getElementById('div2');
	if( div1.style.display == 'none' ) {
		div1.style.display = 'block';
		div2.style.display = 'none';
	}	else {
		div1.style.display = 'none';
		div2.style.display = 'block';
	}
}
function toggleForms() {
	var form1 = document.getElementById('form1');
	var form2 = document.getElementById('form2');
	if( form1.style.display == 'none' ) {
		form1.style.display = 'block';
		form2.style.display = 'none';
	} else {
		form1.style.display = 'none';
		form2.style.display = 'block';
	}
}
</script>
<?php

echo '<pre>'; print_r( $_POST ); echo '</pre>';

?>
<div id="badForm">
<h2>What you're doing</h2>
<p><a href="#" onclick="toggleElements();">Toggle Elements</a></p>
<form method="post" action="">
	<div id="div1"><input type="text" name="textElement" value="default"></div>
	<div id="div2" style="display:none;"><input type="radio" name="radioElement" value="one" checked="checked"> One<br>
		<input type="radio" name="radioElement" value="two"> Two
	</div>
	<input type="submit">
</form>
</div>

<div id="goodForm">
<h2>What you could do to fix</h2>
<p><a href="#" onclick="toggleForms();">Toggle Forms</a></p>
<form id="form1" method="post" action="">
	<input type="text" name="textElement" value="default"><br>
	<input type="submit">
</form>
<form id="form2" method="post" action="" style="display:none;">
	<input type="radio" name="radioElement" value="one" checked="checked"> One<br>
	<input type="radio" name="radioElement" value="two"> Two<br>
	<input type="submit">
</form>
</div>

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.