Jump to content

What is the correct way to do multiple isset statement?


piano0011

Recommended Posts

Hey guys!

I have seen on the internet a couple of ways to write the following statement but the latter one looks a bit weird with that extra opening ( before !isset, which way is the norm here?

if (isset($_POST['room']) || ($_POST['cottage']) || ($_POST['villa'])) {

}

but I have seen somewhere that you can also write if ((!isset($_POST['submit'])) || ($_GET['u_uid']))

Link to comment
Share on other sites

Okay... because I am trying to follow this tutorial on how to set up a forum but I am stucked at around the 13:23 mins mark. When I tested the page at the end of that video segment, it is always saying that I am not logged in even though that I am.. I will attach the two latest files, which I think should be working hand in hand below. It should take me to the create_topic.php page. It seems that the $_GET variable is not picking up the cid

<?php
include_once 'header.php';

if (!isset($_SESSION['u_uid'])) {
	header("Location: index.php?view_category=notlogin");
	exit();
} else {
	include_once 'includes/dbh.php';
	$cid = $_GET['cid'];
	$logged = "  <a href='create_topic.php?cid=".$cid."'>Click here to create a topic</a>";


$sql = "SELECT id FROM categories WHERE id= '".$cid."' LIMIT 1";

$stmt = mysqli_stmt_init($conn);

	if (!mysqli_stmt_prepare($stmt, $sql)) {
	   echo 'SQL error';
	   
	} else {
	    
	    mysqli_stmt_execute($stmt);
	    $result = mysqli_stmt_get_result($stmt);
	    $resultCheck = mysqli_num_rows($result);

	    if ($resultCheck >0) {
            $sql2 = "SELECT * FROM topics WHERE category_id='".$cid."' ORDER BY topic_reply_date DESC";
            $stmt = mysqli_stmt_init($conn);

	if (!mysqli_stmt_prepare($stmt, $sql2)) {
	   echo 'SQL error';
	   
	} else {
	    
	    mysqli_stmt_execute($stmt);
	    $result2 = mysqli_stmt_get_result($stmt);
	    $resultCheck2 = mysqli_num_rows($result2);

	    if ($resultCheck2 > 0) {
           $topics .= "<table width='100%' style='border-collapse: collapse:'>";
           $topics .= "<tr><td colspan='3'><a href='forum.php'>Return to Forum Index</a>".$logged."</td></tr>";
           $topics .= "<tr style='background-color: #dddddd:'><td>Topic Title</td>><td width='65' align='center'>Replies</td><td width='65' align='center'>Views</td></tr>";
           $topics .= "<tr><td colspan='3'><hr></td></tr>";

           while ($row = mysqli_fetch_assoc($result2)) {
              $tid = $row['id'];
              $title = $row['topic_title'];
              $views = $row['topic_views'];
              $date = $row['topic_date'];
              $creator = $row['topic_creator'];
              $topics .= "<tr><td><a href='view_topic.php?cid=".$cid."&tid=".$tid."'>".$title."</a><br /><span class='post_info'>Posted by: ".$creator." on ".$date."</span></td><td align='center'>0</td><td align='center'>".$views."</td></tr>";
              $topics .= "<tr><td colspan='3'><hr /></td></tr>";
           }
           $topics .= "</table>";
	    } else {
	    	echo "<a href='header.php'>Return to the Forum page</a>";
	    	echo "<p> There are no topics in this Category yet.".$logged."</p>";
	    }
	    } 
	    }else {
	    	echo "<a href='header.php'>Return to the Forum page</a>";
	    	echo "<p> You are trying to view a catebory that does not exists yet.</p>";
	}
}

}

// This is the second file called create_topic.php

<?php
include_once 'header.php';

if ((!isset($_SESSION['u_uid'])) || ($_GET['cid'])) {
	header("Location: index.php?create_topic=notlogin");
	exit();
} 
	$cid = $_GET['cid'];



?>

<!DOCTYPE html>
<html>
<head>
	<title></title>
</head>
<body>
<form action="create_topic_parse.php" method="POST">
	<label>Topic Title</label>
    <br></br>
    <input type="text" name="topic_title" size="98" maxlength="150">
    <br></br>
    <label>Topic Content</label>
    <br></br>
    <textarea name="topic_content" rows="5" cols="75"></textarea>
    <br></br>
    <br></br>
    <input type="hidden" name="cid" value="<?php echo $cid; ?>">
    <input type="submit" name="topic_submit" value="Create Your Topic">

</form>
</body>
</html>

 

 

Link to comment
Share on other sites

I just saw your comment just then... maybe I should change the || to &&.. That is weird.... I changed it to && and it does work but just wondering how come it is working in the tutorial? My apologies, he made a mistake in the video.. he forgot to check to see if it is an empty string

Link to comment
Share on other sites

this code is not secure and doesn't teach good programming practices .

the existence or absence of a $_GET parameter doesn't have anything to do with being logged in.

some or all of the following are recommendations that have been posted in your threads on this forum -

all input data needs to be separately validated before using it and you need to setup unique and helpful error messages for each validation test that fails. the session variable, that indicates being logged in or not, is one input. a specific, non-empty,  integer, $_GET parameter, is another input.

you need stop putting data directly into sql query statements. use prepared queries.

you need to use exceptions to handle database statement errors.

doing the things that are being posted in the replies in your threads will help produce more secure code (there are things beyond what has been written, such as applying htmlentities() to data being output, that we haven't even gotten around to yet), produce code that will either work or it will tell you why it isn't working, and will result in simpler code (you are still copy/pasting cluttered up code that contains unnecessary things and is missing useful features.)

Link to comment
Share on other sites

here's another recommendation -

conditional error handling logic is usually shorter then the success logic. putting the error handling logic first, by inverting the condition being tested, gets it 'out of the way', so that the remaining logic is what deals with the successful execution path. this will eliminate the 'stray'', uncommitted else {...} blocks at the end, that are hard to match up with the corresponding if(){} statement, when the indentation isn't perfect.

Link to comment
Share on other sites

4 minutes ago, Barand said:

It's not the same guy, but except for his lack of unique ideas, this guy reminds me very much of a dedicated copy and paster on another forum.

Pretty sure I know who you are talking about. In this case, it is the same guy. Same username, same profile pic, same subject matter.

Link to comment
Share on other sites

I have listened and in my other forum, I did mention that my database is working. I know that we all have our own unique ways to set up variables but I do understand how to get it to work with my database. I am not copying and pasting but am a visual learning and therefore learns thing when other people are showing contents, such as on the youtube videos. I just find it easier to learn that way. I have also read some stuff from stackoverflow but they mentioned that isset is mainly used to see if a variable is set such as in a form? I should use session to determine if a session exists or not? Besides, I have no prior computer skills so I need to find ways to learn from scratch and tried to make effort to learn..

Link to comment
Share on other sites

The problem with learning that way is that those creating the videos that you are learning from barely know any more than you, so you end up using the crap code that they are peddling. For instance, this extract from your code is not the way to use prepared statements, as a glance at the reference manual would show you.

$sql = "SELECT id FROM categories WHERE id= '".$cid."' LIMIT 1";

$stmt = mysqli_stmt_init($conn);

	if (!mysqli_stmt_prepare($stmt, $sql)) {
	   echo 'SQL error';
	   
	} else {

 

Link to comment
Share on other sites

IMHO - picking up something from a video is not LEARNING.  Read. Read. Read.  And stop trying to take the easy out. 

Such is life.  If you had bothered to read the manual on this topic I think you would completely understand how to use and how it works more fully than what you apparently know about it as of this writing.

Link to comment
Share on other sites

OP, I see you have now wandered over to yet a another forum I moderate with the same topics. Jumping from forum to forum is not going to do you any good. Do what @ginerjm has advised and READ. Most of the people doing tutorials, video or otherwise, have no business doing it. You STILL have not implemented the basic things you have been told repeatedly at least two forums sites ago. We are not here to fix some third party noobs code that you are trying to learn from.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.