If(strlen = 0)

[otuatail]

<?php
// Library SMS3S Version 1.0.0   15-03-2014   Desmond O'Toole.
include ("../secure/SecureFunctions.php");
session_start();
Session_Init();

$_SESSION["Email"] = trim(stripslashes($_POST['Email']));
$_Email = $_SESSION["Email"];
$User = crossref($_SESSION['ID']);
$ID = $_SESSION['ID'];
$ValidEmail = validEmail($_Email);
$_SESSION['Error_1'] = "";
$EmailLen = strlen($_Email);
if($ValidEmail == 0 && $EmailLen > 0)
{
	$_SESSION['Error_1'] = "Invalid Email Address";
	header('Location: EditUserDetails.php?ID=$ID');
	break;
}

connectDB(CURRENT_DB);
$sqlUpdateUser = "UPDATE LIBusersX SET Email = '$_Email' WHERE User = '$User'";
//$query = mysql_query ($sqlUpdateUser);

$_SESSION["Email"] = "";
header('Location: edituser.php');
?>

I am checking a form for a valid email entry for an update. If the email address is not entered it is assumed no update is needed. This is an Admin area only.

 

If I echo $EmailLen I get 0. I have trimmed it as well as stripslashes.

 

[Barand]

use exit instead of break

[otuatail]

if($ValidEmail == 0 && $EmailLen > 0)
{
	$_SESSION['Error_1'] = "Invalid Email Address";
	header('Location: EditUserDetails.php?ID=$ID');
	break;
}

// The if() statement has a problem with $EmailLen > 0 if you look at the code again.

Exit was not the problem the problem was simply

 

 

What happens in php script is this. If the if statement validates true then all code between { and } is executed. Replacing break; with exit has no difference;

The value of $EmailLen is 0

 

 

 

 

[Psycho]

Off topic: Creating a variable that is only used once (unless it is based on a complicated calculation) is a waste. It only adds complexity where none needs to exist. In your if() condition you have two variables that were created just before the condition check. For example, you define $_Email as the same value as the session value. Then define $EmailLen as the length of that variable. That's two lines of code that are unnecessary.

 

Also, stripslashes() is unnecessary unless you are on a server running a very old version of PHP.

 

Plus, I'd suggest not creating variables before you need them. It makes it difficult when you revisit the code to understand why the variable is being created.

 

Lastly, do not use the mysql_ functions, they are deprecated. Your current code is open to SQL injection. You should use prepared statements using mysqlI_ or, better yet, PDO.

 

Rough example:

 

<?php
// Library SMS3S Version 1.0.0   15-03-2014   Desmond O'Toole.
include ("../secure/SecureFunctions.php");
session_start();
Session_Init();
 
$emailPost = trim($_POST['Email']);
$_SESSION['Error_1'] = "";
 
if(strlen($emailPost) && !validEmail($emailPost))
{
    $_SESSION['Error_1'] = "Invalid Email Address";
    $_SESSION["Email"] = $emailPost;
    header('Location: EditUserDetails.php?ID={$_SESSION['ID']}');
    exit();
}
 
connectDB(CURRENT_DB);
$User = crossref($_SESSION['ID']);
$sqlUpdateUser = "UPDATE LIBusersX SET Email = '$emailPost' WHERE User = '$User'";
//$query = mysql_query ($sqlUpdateUser);
 
header('Location: edituser.php');
 
?>

[NotionCommotion]

Exit was not the problem the problem was simply

 

What happens in php script is this. If the if statement validates true then all code between { and } is executed. Replacing break; with exit has no difference;

The value of $EmailLen is 0

 

 

 

Use of break and not exist will be an issue as you will update your database when you did not intend to.  Why worry about email length not being zero, and just check if is a valid email?

[bsmither]

"If I echo $EmailLen, I get 0."

 

Is this your question: Why?

 

Let's assume $_POST['Email'] is a zero-length-string (-zls-) or is not set at all. That is, nothing was entered into a form field having the name of "Mail" and/or the <form> was not POSTed. (Look at what var_dump($_POST) shows you.)

 

Then, stripslashes() returns -zls-, then trim() returns -zls-, then strlen() returns zero.

Edited December 30, 2014 by bsmither