...

View Full Version : something is wrong :(



muhaidib
06-06-2005, 10:21 PM
hey all,, hope u are havin a good day,,

there is something bad about this code,,, i edited it to add a third selection but it was :eek: lol


<?php

if (isset($_POST['style']) && $_POST['style'] == 'blue')
{
$style_sheet = 'blue';
} else {
$_POST['style'] == 'default')
{
$style_sheet = 'default';
}} else {
$_POST['style'] == 'green')
{
$style_sheet = 'green';
}}
setcookie('css',$style_sheet,time()+999999999);

?>

sweenster
06-06-2005, 10:41 PM
try simplifying things a bit:



<?
if (isset($_POST['style']))
{
$style_sheet = $_POST['style'];
} else {
$style_sheet = "default";
}

setcookie('css',$style_sheet,time()+999999999);

?>

muhaidib
06-06-2005, 11:04 PM
perfect!

thanks alot bro :) :thumbsup:

Fou-Lu
06-07-2005, 03:02 AM
If I were you, I'd slightly modify that code to only allow what I say should go through. I suppose I'm a little paranoid when it comes to this, but I wouldn't ever trust a user input as being valid:


$allowed_stylesheets = array(
'blue',
'green'
);

if (isset($_POST['style']) AND in_array($_POST['style'], $allowed_stylesheets))
{
$style_sheet = $_POST['style'];
}
else
{
$style_sheet = 'default';
}

setcookie('css',$style_sheet,time()+999999999);

mrruben5
06-07-2005, 11:49 AM
Why not use a switch to do the job?

marek_mar
06-07-2005, 12:10 PM
Arrays are easyer to maintain... the best [possibility would be to check if a stylesheet exists and including it. Installing a new stylesheet would be limited to uploading the file to a folder.

If I were you, I'd slightly modify that code to only allow what I say should go through. I suppose I'm a little paranoid when it comes to this, but I wouldn't ever trust a user input as being valid
If paranoid is common sense...

Fou-Lu
06-07-2005, 04:48 PM
Arrays are easyer to maintain... the best [possibility would be to check if a stylesheet exists and including it. Installing a new stylesheet would be limited to uploading the file to a folder.

If paranoid is common sense...
lol
I picked that up from a combination of yours and rafs responses. Prior to my posting here, I hadn't realized how poorly coded my work had been. That reminds me, I haven't seen raf in like forever.
Anyway.
You could use a switch for this if you really wanted to, but I don't see much by way of expansion for that with the validation. You would need to create a case for each individual style that you would like to use, which would be alright but suppose you wanted to start doing like ten themes. The ten lines of code that I've posted there will be a lot easier to maintain than adding a new case for each one, smaller in size as well. And practically speaking, I'd say that the load time of taking an element from an array and comparing it to the existance of another value is probably quicker than that of using a switch and case feature, considering that all values would be comming from the same place. Honestly though, this would mearly be a matter of taste I suppose, the time difference for whichever would end up quicker would be so minute, you couldn't record it on anything less than a thousandth of a second. So its a matter of choice.

marek_mar
06-07-2005, 06:12 PM
By "maintain" I ment everything you wrote after "anyway" :) But you used the word "maintain" so it can't be a definition.
It's always good to check input data as sometimes unexpected things may hapen. Some very serious phpBB bug was caused by not checking a varaible type.
BTW Raf was here a few days ago.

raf
06-07-2005, 11:54 PM
That reminds me, I haven't seen raf in like forever.

i know... to much work...

i personally prefer to use arrays because you can create the array in a seperate file, and then include it where you need it. in some pages, you'll include it and check if there is a member with that arrayname (like in this situation) and in another page, you'll use the array to build a listbox where the user can select a stylesheet etc.
+ arrays are for me a datasource, where a switch is a language-contruct to implement some logic.
in this situation, you just wanna know if the stylesheetname is a member of your stylesheet-collection, so i don't realy see why you'd use a switch.

Spookster
06-08-2005, 05:51 AM
You need to read our posting guidelines specifically number 2.

http://www.codingforums.com/postguide.htm



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum