...

View Full Version : if statement problems



palm88
04-16-2008, 01:12 PM
I got this working fine, but i wish to get rid of the die statement and make the entire thing one statement (if you know what i mean)


if ($_POST['kill_button']){

if(!stripslashes($_POST['kill_username']) || !stripslashes($_POST['message'])){
print "Please enter a username and message.";
die;
}

elseif (!stripslashes($_POST['subject'])){
$subject = "No Subject Title.";
}
if($username_check < "1"){
echo "No such user!";
unset($reg_username);
}}

if (strip_tags($_POST['kill_username'])){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `subject` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$kill_username', '$username', '$message', '$subject', '$date', '0', '0', '0'
)");
mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'");
///
echo "Message sent to $kill_username!";
}

I want it generally to be somthing along these lines, but cant seem to get it working


<?php
if ($_POST['kill_button']) {

if(!stripslashes($_POST['kill_username']) || !stripslashes($_POST['message'])) {
print "Please enter a username and message.";
} elseif (!stripslashes($_POST['subject'])) {
$subject = "No Subject Title.";
} elseif($username_check < "1") {
print "No such user!";
unset($reg_username);
}

} else {

mysql_query("INSERT INTO `inbox`
(`id` ,`to` ,`from` ,`message` ,`subject` ,`date` ,`read`, `saved` ,`event_id` ) VALUES (
'', '$kill_username', '$username', '$message', '$subject', '$date', '0', '0', '0')");

mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'");

echo "Message sent to $kill_username!";

}
?>

abduraooft
04-16-2008, 01:18 PM
Always use die() with all mysql_query stataments at the end like
mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'") or die(mysql_error());

NancyJ
04-16-2008, 01:30 PM
Always use die() with all mysql_query stataments at the end like
mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'") or die(mysql_error());

If you want your users to see a really unfriendly error message in the event that something goes wrong. Of course, well written code should go wrong.

The easiest way to get around all your various conditions would be to set a flag.

eg.



if ($_POST['kill_button']){
$doquery=true;
if(!stripslashes($_POST['kill_username']) || !stripslashes($_POST['message'])){
print "Please enter a username and message.";
$doquery = false;
}

if (!stripslashes($_POST['subject'])){
$subject = "No Subject Title.";
}
if($username_check < "1"){
echo "No such user!";
unset($reg_username);
$doquery=false;

}

if (strip_tags($_POST['kill_username']) && $doquery){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `subject` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$kill_username', '$username', '$message', '$subject', '$date', '0', '0', '0'
)");
mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'");
///
echo "Message sent to $kill_username!";
}


The whole thing could of course be better written and are you working with register globals on? You're performing your stripslashes on $_POST but using named variables in your query without assigning the post value to the variable.

palm88
04-16-2008, 01:39 PM
I can show the whold script if it helps, it is messy and unfinished.


<?
session_start();
include_once "includes/db_connect.php";
$username=$_SESSION['username'];
$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$username'"));
$fromper=$_GET['fromper'];
$goody = mysql_query("SELECT `message`, `date`, `from` FROM `inbox` WHERE `id`='$rep'");

while($success = mysql_fetch_row($goody)){
$ini = $success[0];
$dateon = $success[1];
$fromper = $success[2];
}

$kill_username=strip_tags($_POST['kill_username']);
$message=strip_tags($_POST['message']);
$subject = strip_tags($_POST['subject']);
$date = gmdate('Y-m-d h:i:s');
$username_check = mysql_num_rows(mysql_query("SELECT username FROM users WHERE username='$kill_username'"));

if ($_POST['kill_button']){

if(!stripslashes($_POST['kill_username']) || !stripslashes($_POST['message'])){
print "Please enter a username and message.";
die;
}

elseif (!stripslashes($_POST['subject'])){
$subject = "No Subject Title.";
}
if($username_check < "1"){
echo "No such user!";
unset($reg_username);
}}

if (strip_tags($_POST['kill_username'])){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `subject` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$kill_username', '$username', '$message', '$subject', '$date', '0', '0', '0'
)");
mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'");
///
echo "Message sent to $kill_username!";
}


?>



<link href="includes/in.css" rel="stylesheet" type="text/css">


</form>
<table width="76&#37;" border="0" align="center" cellpadding="0" cellspacing="3">
<tr>
<td>
<div align="center">
<center>
<table border="o" cellpadding="0" cellspacing="0" class=tablearea style="border-collapse: collapse">
<form name="form1" method="post" action="">

<tr>
<td colspan="2" class="TableHeading"><center>

Compose Message
</center></td>
</tr>
<tr>
<td class="TableArea">Username:</td>
<td class="TableArea">
<input name="kill_username" type="text" class="input" id="kill_username3" value='<?php echo $fromper; ?>' size="20"></td>
</tr>
<tr>
<td class="TableArea">Subject Title:</td>
<td class="TableArea">
<input name="subject" type="text" class="input" id="subject" size="50"></td>
</tr>
<tr>
<td valign="top" class="TableArea">Message:</td>
<td class="TableArea"><textarea name="message" cols="50" rows="10" type="text" id="message"><?php
if($_GET['id']) {
$id = $_GET['id'];
$reply = mysql_query("SELECT * FROM inbox WHERE id = '$id'");
$fetch_reply = mysql_fetch_object($reply);
echo "On $fetch_reply->date $fromper said:
$fetch_reply->message"; } ?></textarea></td>
</tr>
<tr>
<td colspan="2" class="TableArea"><div align="right">
<input name="kill_button" type="submit" class="submit" id="kill_button3" value="Submit">
</div></td>
</tr>
</table>
</center></form>
</div>
</td>
</tr>

<SCRIPT>
<!--
function input(Item) {
document.getElementById('send_id').value = Item;
}

//-->
</SCRIPT>
</table>

creative stasis
04-16-2008, 11:21 PM
Here is an option that I think will work for you.



<?php
if ($_POST['kill_button']) {

if(!stripslashes($_POST['kill_username']) || !stripslashes($_POST['message'])) {
$errors[] = "Please enter a username and message.";
} elseif (!stripslashes($_POST['subject'])) {
$errors[] = "No Subject Title.";
} elseif($username_check < "1") {
$errrors[] "No such user!";
}
}

if (is_array($errors)){
foreach($errors as $value)
echo "$value <br />";
} else {

mysql_query("INSERT INTO `inbox`
(`id` ,`to` ,`from` ,`message` ,`subject` ,`date` ,`read`, `saved` ,`event_id` ) VALUES (
'', '$kill_username', '$username', '$message', '$subject', '$date', '0', '0', '0')");

mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'");

echo "Message sent to $kill_username!";

}
?>

aedrin
04-16-2008, 11:32 PM
This solution (creative statis') is indeed a cleaner/abstract than NancyJ's suggestion (although both work).

But you can improve even more on this, as you are ignoring any warnings.



<?php
$errors = array();

if ($_POST['kill_button']) {

if(!stripslashes($_POST['kill_username']) || !stripslashes($_POST['message'])) {
$errors[] = "Please enter a username and message.";
} elseif (!stripslashes($_POST['subject'])) {
$errors[] = "No Subject Title.";
} elseif($username_check < "1") {
$errrors[] "No such user!";
}
}

if (count($errors) > 0){
foreach($errors as $value)
echo "$value <br />";
} else {

mysql_query("INSERT INTO `inbox`
(`id` ,`to` ,`from` ,`message` ,`subject` ,`date` ,`read`, `saved` ,`event_id` ) VALUES (
'', '$kill_username', '$username', '$message', '$subject', '$date', '0', '0', '0')");

mysql_query("UPDATE `user_info` SET `messages` = `messages`+1 WHERE username='$username'");

echo "Message sent to $kill_username!";

}
?>


Notice the first line added, and the if condition that has changed.

creative stasis
04-16-2008, 11:45 PM
That'll work too...
not needed though.

EDIT :

I noticed in the


} elseif($username_check < "1") {
$errrors[] "No such user!";
}


$errors[] is spelled wrong.

palm88
04-17-2008, 12:53 PM
Thanks for the help guys. But it doesn't seem to work.

aedrin
04-17-2008, 04:24 PM
That'll work too...
not needed though.

Not needed? I prefer my server logs to be empty, rather than constantly filling up.


Thanks for the help guys. But it doesn't seem to work.

You know, they sell a little blue pill for... Oh, you mean the code we gave you to learn from? You shouldn't just copy and paste it, but if you did, you will have to actually let us know what isn't working (and of course any error messages, etc.). Otherwise we will have to make assumptions. ;)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum