Jump to content

Recommended Posts

Hi

 

Sorry, realise this is a bit of a noob question but can someone explain why this if statement uses multiple parenthesis?  Is this a good way of grouping conditionals and when should you use it?

 

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))

Link to comment
https://forums.phpfreaks.com/topic/261428-noob-quest-about-conditionals/
Share on other sites

Hi,

Like in arithmetic, the paranthesis are used to control, and group the order of operations. For example, like: (2 + 3) * 4 = 20; and 2 + (3 * 4) = 14;

In the code above, the result True or False of the first three conditionals is then grouped with && with the result of the 4th conditional.

The person writing that was probably unsure of the operator precedence and wanted to make sure it worked.

 

The only () needed are those around the group of ||'ed values (which itself can be simplified, see below) -

<?php
if (($_FILES["file"]["type"] == "image/gif"
|| $_FILES["file"]["type"] == "image/jpeg"
|| $_FILES["file"]["type"] == "image/pjpeg")
&& $_FILES["file"]["size"] < 20000){

 

However, there are other problems with that logic (which probably came from the w3schools.com upload example). When validating user supplied input, you should never lump together tests and output a generic 'sorry, you did something wrong' message. You should validate everything about the user supplied input and specifically tell the user what was wrong with his input (provided telling him isn't a security issue.) If it was the wrong mime type, tell him what the mime type was that he submitted and what the valid types are. If there is something wrong with the size of the file, tell him what size he uploaded and what the valid size range is.

 

Also, for that code, when you are testing if a value is one of several possible values, you should make an array of the acceptable values and use an in_array statement -

 

<?php
$allowed_types = array("image/gif","image/jpeg","image/pjpeg"); // just add values here instead of modifying the logic in the if() statement 

if(in_array($_FILES["file"]["type"],$allowed_types){

}

Thanks both!

 

PFMaBiSmAd: That really helps me to understand. And you're perfectly correct in spotting w3schools haha. I wasn't intending to use it exactly as it was written I was just curious as to why and when you should use that sort of grouping.

 

Your advice on using an array looks much cleaner though and I'll certainly adopt this method from here on in. Very glad i asked  :) 

 

OH and it occurs to me now that using arrays like that can help make the function reusable...the penny drops ;)

 

Thank you!

 

The person writing that was probably unsure of the operator precedence and wanted to make sure it worked.

 

The only () needed are those around the group of ||'ed values (which itself can be simplified, see below) -

<?php
if (($_FILES["file"]["type"] == "image/gif"
|| $_FILES["file"]["type"] == "image/jpeg"
|| $_FILES["file"]["type"] == "image/pjpeg")
&& $_FILES["file"]["size"] < 20000){

 

However, there are other problems with that logic (which probably came from the w3schools.com upload example). When validating user supplied input, you should never lump together tests and output a generic 'sorry, you did something wrong' message. You should validate everything about the user supplied input and specifically tell the user what was wrong with his input (provided telling him isn't a security issue.) If it was the wrong mime type, tell him what the mime type was that he submitted and what the valid types are. If there is something wrong with the size of the file, tell him what size he uploaded and what the valid size range is.

 

Also, for that code, when you are testing if a value is one of several possible values, you should make an array of the acceptable values and use an in_array statement -

 

<?php
$allowed_types = array("image/gif","image/jpeg","image/pjpeg"); // just add values here instead of modifying the logic in the if() statement 

if(in_array($_FILES["file"]["type"],$allowed_types){

}

Here's the operator precedence table, which shows why you have to force the ||'s to be evaluated together before the && (&& has higher precedence than ||) - http://us2.php.net/manual/en/language.operators.precedence.php

 

All makes sense now. Thanks for taking the time :)

 

 

Here's the operator precedence table, which shows why you have to force the ||'s to be evaluated together before the && (&& has higher precedence than ||) - http://us2.php.net/manual/en/language.operators.precedence.php

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.