if ($_SESSION['uid'] > 0) VS if ($_SESSION['uid'] == 0)

[Artsybetty]

this will be used to check for a valid user id to show certain pages to logged in users, does it make a difference (beside the obvious order after the statements) and if so what method is more secure?

 

any suggestions are appreciated

[exeTrix]

They would be equivalent if done like this:

 

if( !( $var > 0 ) ){}

if( $var == 0 ){} 

However this would be better:

 

if( (int) $var === 0 ){}

 Basically with the latter you're testing type and value. However, remember that if you cast a string as a int which starts with a letter it'll always return 0.

[PaulRyan]

You should also use isset when dealing with session variables, as they may not exist and throw an error.

[Artsybetty]

so, as my uid contains no letters,

 

if isset( (int) $_SESSION['uid'] === 0 ){ not logged content}

else {logged in content}

 

should work?

 

and i'm presuming that (based on your post) checking for non logged users first is the best route?

[PaulRyan]

<?PHP

 

  if(!isset($_SESSION['uid']) || (int)$_SESSION['uid'] === 0) {

    //### Not Logged In

    echo '1';

  } else {

    //### Logged In

    echo '2';

  }

 

?>

 

[Artsybetty]

excuse my VERY short hand in the previous post, ^^ thats exactly what i was looking for. thankyou both for the input!