Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Upside down execution of statements

    I have been writing php scripts for a short while and I just encountered something unusual.
    The php statements in particular files, notably the conditional statements are executed upside down.
    As in the statements at the bottom of the page are parsed before some in the middle of the script most especially when it comes to the 'if' statements. Some 'if' statements are skipped even when the condition is true and then the 'elseif' statements are executed.
    What could be the problem?
    Thanks in advance.

  • #2
    New Coder
    Join Date
    Jun 2010
    Location
    The Netherlands
    Posts
    52
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Mind posting the code your talking about? We can't do anything without it.

  • #3
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is the code. It is actually a script that conducts user registration by picking data posted from a form. What puzzles me is that the last statement of redirecting to 'complete.php' can get executed before anything else and therefore rendering much of the script useless.


    <?php
    require("connect.php");

    $first = "{$_POST['first']}";
    $last = "{$_POST['last']}";
    $email = "{$_POST['email']}";
    $phone = "{$_POST['phone']}";
    $username = "{$_POST['username']}";
    $password = "{$_POST['password']}";
    $password2 = "{$_POST['password2']}";

    // Disarm user entries

    $first = stripslashes($first);
    $last = stripslashes($last);
    $email = stripslashes($email);
    $phone = stripslashes($phone);
    $username = stripslashes($username);
    $password = stripslashes($password);
    $password2 = stripslashes($password2);
    $first = mysql_real_escape_string($first);
    $last = mysql_real_escape_string($last);
    $email = mysql_real_escape_string($email);
    $phone = mysql_real_escape_string($phone);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $password2 = mysql_real_escape_string($password2);


    // If any field is NULL

    if ($first==NULL)
    {
    header("location:first.php");
    }
    elseif ($last==NULL)
    {
    header("location:last.php");
    }
    elseif ($email==NULL)
    {
    header("location:email.php");
    }
    elseif ($phone==NULL)
    {
    header("locationhone.php");
    }
    elseif ($username==NULL)
    {
    header("location:username.php");
    }
    elseif ($password==NULL)
    {
    header("location:nopassword.php");
    }
    elseif ($password2==NULL)
    {
    header("location:nopassword2.php");
    }


    // If username then password is too short

    elseif (strlen($username)<5)
    {
    header("location:shortusername.php");
    }
    elseif (strlen($password)<6)
    {
    header("location:shortpassword.php");
    }


    // If passwords don't match

    elseif (!$password == $password2)
    {
    header("locationasswords.php");
    }


    // If username = password

    elseif ($usernameoo == $password)
    {
    header("location:same.php");
    }


    // If username already exists


    $result = mysql_query("SELECT * FROM profiles");

    while($row = mysql_fetch_array($result))
    {
    if ($row["username"]==$_POST['username'])
    {
    header("location:usernameexists.php");
    }
    }


    // If all is well

    $encrypt_password=md5($password);


    mysql_query ("INSERT INTO profiles (username, first, last, email, phone)
    VALUES ('$username','$first','$last','$email','$phone')");

    mysql_query ("INSERT INTO users (user, password)
    VALUES ('$username','$encrypt_password')");


    mysql_close($connect);

    header("location:complete.php");

    ?>

  • #4
    New Coder
    Join Date
    Jan 2006
    Posts
    73
    Thanks
    2
    Thanked 3 Times in 3 Posts
    That is a lot of elseif statements. elseif means that if the condition for the ifs above it do not match, it will check that statement. None of the conditions were met, so by nature, it takes you to complete.php. Based on the current track, there is no way that will suffice as a way of doing user registration.

    First, formatting:
    PHP Code:
    $first $_POST['first']; 
    is good enough for all of the strings similar to it. For the next batch, you have the string defined twice. Just do it like:
    PHP Code:
    $first mysql_real_escape_string(stripslashes($first)); 
    If a conditional statement (ifs, elseifs, etc.) has one call below it, it does not need the brackets.

    For what you want to do to check blank fields, why not just use the AND logical operator? Below, ! in front of a string means not set, or not, or no.

    PHP Code:
    if (!($first && $last && $email && $phone && $username && $password && $password2)) 
    If username already exists? Why use such a harsh query?
    PHP Code:
    $result mysql_query("SELECT * FROM profiles WHERE username=$username"); 
    I suggest reading documentation on php.net, it is really helpful. Books can also do wonders too for people if you choose to go that route as well. Good luck!
    Last edited by xGIHavoc; 06-22-2010 at 10:46 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •