piano0011 Posted July 21, 2018

Hey guys! I have seen on the internet a couple of ways to write the following statement but the latter one looks a bit weird with that extra opening ( before !isset, which way is the norm here?

```php
if (isset($_POST['room']) || ($_POST['cottage']) || ($_POST['villa'])) {

}
```

but I have seen somewhere that you can also write

```php
if ((!isset($_POST['submit'])) || ($_GET['u_uid']))
```

requinix Posted July 21, 2018

Neither is right, and really they're the same thing anyways. You might have actually seen

```php
if (isset($_POST["room"], $_POST["cottage"], $_POST["villa"])) {
```

Look where the parentheses are, then check the documentation if you're not sure what it does.

maxxd Posted July 21, 2018

Note that requinix's snippet checks for the existence of all the variables, so it's the equivalent of using '&&', not '||'.

piano0011 Posted July 21, 2018

Okay... because I am trying to follow this tutorial on how to set up a forum but I am stuck at around the 13:23 mins mark. When I tested the page at the end of that video segment, it is always saying that I am not logged in even though I am. I will attach the two latest files, which I think should be working hand in hand, below. It should take me to the create_topic.php page. It seems that the $_GET variable is not picking up the cid.

```php
<?php

include_once 'header.php';

if (!isset($_SESSION['u_uid'])) {
    header("Location: index.php?view_category=notlogin");
    exit();
} else {
    include_once 'includes/dbh.php';
    $cid = $_GET['cid'];
    $logged = " <a href='create_topic.php?cid=".$cid."'>Click here to create a topic</a>";
    $sql = "SELECT id FROM categories WHERE id= '".$cid."' LIMIT 1";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo 'SQL error';
    } else {
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck >0) {
            $sql2 = "SELECT * FROM topics WHERE category_id='".$cid."' ORDER BY topic_reply_date DESC";
            $stmt = mysqli_stmt_init($conn);
            if (!mysqli_stmt_prepare($stmt, $sql2)) {
                echo 'SQL error';
            } else {
                mysqli_stmt_execute($stmt);
                $result2 = mysqli_stmt_get_result($stmt);
                $resultCheck2 = mysqli_num_rows($result2);
                if ($resultCheck2 > 0) {
                    $topics .= "<table width='100%' style='border-collapse: collapse:'>";
                    $topics .= "<tr><td colspan='3'><a href='forum.php'>Return to Forum Index</a>".$logged."</td></tr>";
                    $topics .= "<tr style='background-color: #dddddd:'><td>Topic Title</td>><td width='65' align='center'>Replies</td><td width='65' align='center'>Views</td></tr>";
                    $topics .= "<tr><td colspan='3'><hr></td></tr>";
                    while ($row = mysqli_fetch_assoc($result2)) {
                        $tid = $row['id'];
                        $title = $row['topic_title'];
                        $views = $row['topic_views'];
                        $date = $row['topic_date'];
                        $creator = $row['topic_creator'];
                        $topics .= "<tr><td><a href='view_topic.php?cid=".$cid."&tid=".$tid."'>".$title."</a><br /><span class='post_info'>Posted by: ".$creator." on ".$date."</span></td><td align='center'>0</td><td align='center'>".$views."</td></tr>";
                        $topics .= "<tr><td colspan='3'><hr /></td></tr>";
                    }
                    $topics .= "</table>";
                } else {
                    echo "<a href='header.php'>Return to the Forum page</a>";
                    echo "<p> There are no topics in this Category yet.".$logged."</p>";
                }
            }
        }else {
            echo "<a href='header.php'>Return to the Forum page</a>";
            echo "<p> You are trying to view a catebory that does not exists yet.</p>";
        }
    }
}
```

This is the second file called create_topic.php

```php
<?php
include_once 'header.php';

if ((!isset($_SESSION['u_uid'])) || ($_GET['cid'])) {
    header("Location: index.php?create_topic=notlogin");
    exit();
}
$cid = $_GET['cid'];
?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form action="create_topic_parse.php" method="POST">
    <label>Topic Title</label>
    <br></br>
    <input type="text" name="topic_title" size="98" maxlength="150">
    <br></br>
    <label>Topic Content</label>
    <br></br>
    <textarea name="topic_content" rows="5" cols="75"></textarea>
    <br></br>
    <br></br>
    <input type="hidden" name="cid" value="<?php echo $cid; ?>">
    <input type="submit" name="topic_submit" value="Create Your Topic">
</form>
</body>
</html>
```

piano0011 Posted July 21, 2018 (edited)

I just saw your comment just then... maybe I should change the || to &&.. That is weird.... I changed it to && and it does work but just wondering how come it is working in the tutorial?

My apologies, he made a mistake in the video.. he forgot to check to see if it is an empty string

Edited July 21, 2018 by piano0011

mac_gyver Posted July 21, 2018

this code is not secure and doesn't teach good programming practices. the existence or absence of a $_GET parameter doesn't have anything to do with being logged in.

some or all of the following are recommendations that have been posted in your threads on this forum -

- all input data needs to be separately validated before using it and you need to setup unique and helpful error messages for each validation test that fails. the session variable, that indicates being logged in or not, is one input. a specific, non-empty, integer, $_GET parameter, is another input.
- you need to stop putting data directly into sql query statements. use prepared queries.
- you need to use exceptions to handle database statement errors.

doing the things that are being posted in the replies in your threads will help produce more secure code (there are things beyond what has been written, such as applying htmlentities() to data being output, that we haven't even gotten around to yet), produce code that will either work or it will tell you why it isn't working, and will result in simpler code (you are still copy/pasting cluttered up code that contains unnecessary things and is missing useful features.)

mac_gyver Posted July 21, 2018

here's another recommendation - conditional error handling logic is usually shorter than the success logic. putting the error handling logic first, by inverting the condition being tested, gets it 'out of the way', so that the remaining logic is what deals with the successful execution path. this will eliminate the 'stray', uncommitted else {...} blocks at the end, that are hard to match up with the corresponding if(){} statement, when the indentation isn't perfect.

benanamen Posted July 21, 2018

@mac_gyver, OP has been told over and over and over again what he needs to do and doesn't listen to anyone. He came to this forum after finally being ignored on another one. I even warned him in the introductions when he showed up here about it.

Barand Posted July 21, 2018

It's not the same guy, but except for his lack of unique ideas, this guy reminds me very much of a dedicated copy and paster on another forum.

benanamen Posted July 21, 2018

4 minutes ago, Barand said:

> It's not the same guy, but except for his lack of unique ideas, this guy reminds me very much of a dedicated copy and paster on another forum.

Pretty sure I know who you are talking about. In this case, it is the same guy. Same username, same profile pic, same subject matter.

piano0011 Posted July 22, 2018 (edited)

I have listened and in my other forum, I did mention that my database is working. I know that we all have our own unique ways to set up variables but I do understand how to get it to work with my database. I am not copying and pasting but am a visual learner and therefore learn things when other people are showing contents, such as on the YouTube videos. I just find it easier to learn that way. I have also read some stuff from stackoverflow but they mentioned that isset is mainly used to see if a variable is set such as in a form? I should use session to determine if a session exists or not? Besides, I have no prior computer skills so I need to find ways to learn from scratch and tried to make an effort to learn..

Edited July 22, 2018 by piano0011

Barand Posted July 22, 2018

The problem with learning that way is that those creating the videos that you are learning from barely know any more than you, so you end up using the crap code that they are peddling.

For instance, this extract from your code is not the way to use prepared statements, as a glance at the reference manual would show you.

```php
$sql = "SELECT id FROM categories WHERE id= '".$cid."' LIMIT 1";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo 'SQL error';
} else {
```

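The recommendations in mac_gyver's and Barand's posts above, combined into one added example; it is not code from any poster or from the tutorial. It assumes the table and column names from the posted code, a mysqli connection like the `$conn` from `includes/dbh.php`, and two hypothetical error codes (`nocategory`, `badcategory`) alongside the page's `notlogin`.

```php
<?php
// Added example, not code from the thread. Table and column names come from the
// posted code; $conn is assumed to be the mysqli connection from includes/dbh.php.
// The error codes 'nocategory' and 'badcategory' are hypothetical.
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Each input is validated on its own and fails early with its own error code.
function validate_request(array $session, array $get): array
{
    if (empty($session['u_uid'])) {
        return ['error' => 'notlogin'];
    }
    if (!isset($get['cid']) || $get['cid'] === '') {
        return ['error' => 'nocategory'];
    }
    $cid = filter_var($get['cid'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        return ['error' => 'badcategory'];
    }
    return ['cid' => $cid];
}

// The value is bound to the ? placeholder and never concatenated into the SQL text.
function fetch_topics(mysqli $conn, int $cid): array
{
    $stmt = $conn->prepare('SELECT id, topic_title, topic_views FROM topics
        WHERE category_id = ? ORDER BY topic_reply_date DESC');
    $stmt->bind_param('i', $cid);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Values are encoded on output, including those that came from the database.
function topic_row(int $cid, array $row): string
{
    $href = 'view_topic.php?' . http_build_query(['cid' => $cid, 'tid' => $row['id']]);
    return sprintf("<tr><td><a href='%s'>%s</a></td><td align='center'>%d</td></tr>",
        htmlentities($href, ENT_QUOTES, 'UTF-8'),
        htmlentities((string) $row['topic_title'], ENT_QUOTES, 'UTF-8'),
        $row['topic_views']);
}

// Constructed sample requests: not logged in, missing cid, non-integer cid, valid.
$login = ['u_uid' => 'demo'];
foreach ([[[], ['cid' => '3']], [$login, []], [$login, ['cid' => 'abc']], [$login, ['cid' => '3']]] as [$s, $g]) {
    echo json_encode(validate_request($s, $g)), PHP_EOL;
}
echo topic_row(3, ['id' => 7, 'topic_title' => 'Rooms & <b>villas</b>', 'topic_views' => '12']), PHP_EOL;
```

`fetch_topics()` is defined but not called in the demo, since it needs a live database; the validation and output-encoding functions run on their own.
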
piano0011 Posted July 22, 2018

I understand, I was trying to get it to work first before substituting it with the ?

ginerjm Posted July 22, 2018

IMHO - picking up something from a video is not LEARNING. Read. Read. Read. And stop trying to take the easy out. Such is life.

If you had bothered to read the manual on this topic I think you would completely understand how to use and how it works more fully than what you apparently know about it as of this writing.

benanamen Posted July 23, 2018

OP, I see you have now wandered over to yet another forum I moderate with the same topics. Jumping from forum to forum is not going to do you any good. Do what @ginerjm has advised and READ. Most of the people doing tutorials, video or otherwise, have no business doing it. You STILL have not implemented the basic things you have been told repeatedly at least two forum sites ago. We are not here to fix some third party noob's code that you are trying to learn from.