Help need with some php code

[FXSniperGuy]

Hello,

I have this php file 

 

<?php
$account_no = empty($_POST['account_no']) ? : $_POST['account_no'];
$valid_accounts = array(501412195);

$result = in_array((int)$account_no,$valid_accounts);
if($result) {
	echo('Success');
} else {
	echo('Failed! - no account where found... ');
}

?>

It print out "Failed! - no account where found..." no matter what account number im using.

If i change
$result = in_array((int)$account_no,$valid_accounts); 
to $result = in_array($account_no,$valid_accounts);
it print out "Success" not matter what  account number i use.

What is wrong with the code i have?

Edited Wednesday at 09:02 PM by FXSniperGuy

[FXSniperGuy]

Admin please delete the post above thx. 

Edited Wednesday at 09:21 PM by FXSniperGuy
It make no sense, i need to make a new question with more explanation

[gizmola]

You didn't provide the form that targets this script, but often the issue with people new to PHP superglobals, is that $_POST only gets set to data that is in an actual POST request.  

<form action="url/to/yourscript.php" method="POST">

 

If the form includes a file input, you also need to set the enctype to multipart/form-data.

<form method="post" action="url/to/yourscript.php" enctype="multipart/form-data">

 

Your code has this:

$account_no = empty($_POST['account_no']) ? : $_POST['account_no'];

 

A cleaner way to handle this would be to use the null coalescing operator "??"

$account_no = $_POST['account_no'] ?? 0;

 

One last piece of advice:  Leave off the PHP end tag.  You don't need it, and in some cases it can cause trouble.   This and other formatting standards and advice can be reviewed in https://www.php-fig.org/per/coding-style/

[mac_gyver]

the reason for unusual operation is the ternary operator without a middle term, that the input is probably not what you expect, and php's type casting.

when you leave out the middle term in the ternary operator, when the first term evaluates to true, the value used is whatever the first term is, which will be a boolean true due to the empty() statement.

instead, your post method form processing code should -

1. detect if a post method form was submitted before referencing any of the form data.
2. detect if there is $_POST data (in case the post_max_size setting has been exceeded.)
3. keep the form data as a set in a php array variable, then operate on elements in this array variable throughout the rest of the code.
4. trim all the input data, mainly so that you can detect if all white-space characters were entered.
5. validate all inputs, storing user/validation errors in an array using the field name as the array index.
6. after the end of the validation logic, if there are no user/validation errors, use the form data.
7. after using the form data, if there are no user/validation errors, perform a redirect to the exact same url of the current page to cause a get request for that page. this will prevent the browser from trying to resubmit the form data should that page get browsed back to or reloaded. if you want to display a one-time success message, store it or a flag value in a session variable, then test for, display the success message, and clear the session variable at the appropriate location in the html document.
8. if there are user/validation errors, the code will continue on to display the html document, where you will test for and display any errors, redisplay the form, populating fields with existing data, so that the user only needs to correct the invalid input(s) and can resubmit the form.

[FXSniperGuy]

Thank you both for your reply.

I use this php script with a webrequest from an Expert Advisor in MT4.
The webrequest looks like this :
 

   string url = "https://johnnylai.me/license/customers.php";
   string headers;
   char post[];
   char result[];
   string resultHeaders;
   int response = WebRequest("GET", url, headers, 1000, post, result, resultHeaders);
   
   Print(__FUNCTION__," > Server response is ", response, " and the error is ", GetLastError());
   Print(__FUNCTION__," > ", CharArrayToString(result));
  
   return(INIT_SUCCEEDED);

I know it has nothing to do with php, but the only reason i ask in here about that was that i use a php script to check on my server if the account was there or not and no matter what account no i use it does not see it in the php array, so i guess the problem is in the php script cause the mq4 code seems to talk to the php on my server.

This is the message i get in MT4 expert tab telling me there's no account.

Edited 19 hours ago by FXSniperGuy

[FXSniperGuy]

14 minutes ago, FXSniperGuy said:

Thank you both for your reply.

I use this php script with a webrequest from an Expert Advisor in MT4.
The webrequest looks like this :
 

   string url = "https://johnnylai.me/license/customers.php";
   string headers;
   char post[];
   char result[];
   string resultHeaders;
   int response = WebRequest("GET", url, headers, 1000, post, result, resultHeaders);
   
   Print(__FUNCTION__," > Server response is ", response, " and the error is ", GetLastError());
   Print(__FUNCTION__," > ", CharArrayToString(result));
  
   return(INIT_SUCCEEDED);

I know it has nothing to do with php, but the only reason i ask in here about that was that i use a php script to check on my server if the account was there or not and no matter what account no i use it does not see it in the php array, so i guess the problem is in the php script cause the mq4 code seems to talk to the php on my server.

This is the message i get in MT4 expert tab telling me there's no account.

if i add a "echo($account_no);" then it shows me there's "0" account numbers in that array, so the problem for me seems to be this line
$account_no = $_POST['account_no'] ?? 0;

Edited 19 hours ago by FXSniperGuy

[mac_gyver]

1 hour ago, FXSniperGuy said:

int response = WebRequest("GET", url, headers, 1000, post, result, resultHeaders);

according to the 1st parameter, you are making a GET request. not a POST request.

the main point of my 1st reply in this thread is that your code must validate (all) input data before using it. the account_no input is required (not an empty string), it must consist of a specific set of characters (decimal digits), and it might need to be a specific length or range of lengths. if it is not valid, it is an application error and you should setup and output a useful error message for each of these possible validation steps, and not attempt to use the input data. your first posted code and the code using the null coalescing operator are suppressing any helpful php errors (you would be getting an undefined index error) that would be pointing out that there is no expected entry in $_POST.

so, you must change the php code to use $_GET['account_no'], and you must trim, then validate the input before using it. you would only get to the point of testing if the value is in the array of $valid_accounts if the input is valid.

[FXSniperGuy]

This is how my scripts looks like now.

PHP

<?php
$account_no = $_GET['account_no'] ?? 0;

echo ("Account No: ".$account_no."<br>");

$account = trim($account_no);

echo("Trimmed account no: ".$account."<br>");

$valid_accounts = array(501412195,501412196,501412197);

foreach($valid_accounts as $valid){
echo("Valid accounts: ".$valid."<br>");
}

$result = in_array($account,$valid_accounts);
if($result) {
	echo('Success');
} else {
	echo('Failed! - no account where found... ');
}

?>

And the mq4 (MT4) webrequest

 

   string url = "https://johnnylai.me/license/customers.php";
   string headers;
   char post[];
   char result[];
   string resultHeaders;
   int response = WebRequest("POST", url, headers, 1000, post, result, resultHeaders);
   
   Print(__FUNCTION__," > Server response is ", response, " and the error is ", GetLastError());
   Print(__FUNCTION__," > ", CharArrayToString(result));
  
   return(INIT_SUCCEEDED);

And the result in a browser looks like this

And in MT4 expert tab

So to me it looks like there's nothing in the $account_no in the second line of the php code from MT4. The account number is missing.

There's something wrong in this line since it return zero.
$account_no = $_GET['account_no'] ?? 0;

What have i forgot ? lol

Edited 15 hours ago by FXSniperGuy

[mac_gyver]

have you examined what the $_GET data is?

echo '<pre>'; print_r($_GET); echo '</pre>';

 

[FXSniperGuy]

43 minutes ago, mac_gyver said:

have you examined what the $_GET data is?

echo '<pre>'; print_r($_GET); echo '</pre>';

 

Now i have and is show this

[FXSniperGuy]

I also found out i forgot to add 3 lines in the MT4 code, so it looks like this now.
 

   string url = "https://johnnylai.me/license/customers.php";
   string headers;
   
   char post[];
   int accountNumber = (int)AccountInfoInteger(ACCOUNT_LOGIN);
   string postText = "account_no="+IntegerToString(accountNumber);
   StringToCharArray(postText, post, 0, WHOLE_ARRAY, CP_UTF8);
   
   char result[];
   string resultHeaders;
   int response = WebRequest("POST", url, headers, 1000, post, result, resultHeaders);
   
   Print(__FUNCTION__," > Server response is ", response, " and the error is ", GetLastError());
   Print(__FUNCTION__," > ", CharArrayToString(result));
  
   return(INIT_SUCCEEDED);

 

Edited 13 hours ago by FXSniperGuy