By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,654 Members | 1,419 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,654 IT Pros & Developers. It's quick & easy.

Need support on an if-else statment working one way only

P: 58
I have an application with 2 pages form . If there is an error,I set the action to the same page to display the errors .If no errors,I set the action to page2.php(that both processes and echoes a thankyou message).

I get the following results:

1-if an error,action is set to same page(page1)
2-if no error,action is still set to same page(page1)
3-if no error,and I submit from page1 that is displaying an error,action is then set to page2.php

I played with various variations of if/else statements,but in vain.

[php]

<?
if($errmsg == '')
{
?>
<FORM action ="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" name="form1">
<?
}
else {
?>
<FORM action="form2.php" method="post" enctype="multipart/form-data" name="form2">
<?
}
?>
....rest of form....
[/php]
Jul 27 '07 #1
Share this Question
Share on Google+
7 Replies


kovik
Expert 100+
P: 1,044
Why can't you handle everything in one file...?

If you must do it this way, look into header() redirection.

Also, FYI, PHP_SELF opens you up to XSS and should not be used without filtering.
Jul 27 '07 #2

pbmods
Expert 5K+
P: 5,821
Heya, Jankie.

I think that you are doing the right thing by keeping your view and controller code separate.

To solve the problem, simply ALWAYS have the form go to page2.php, and have page2.php validate the data before it processes it. If the data is bad, use header() redirection to send the User back to page1.php.

If the data is good, process it and then redirect to page3.php (or wherever you want to send him once the script is finished).

header() redirection works like this:

Expand|Select|Wrap|Line Numbers
  1. header('Location: http://mysite.tld/path/to/some/other/file.ext');
  2. exit;
  3.  
Volectricity has written an article that (among other things) covers the best way to specify a location for a redirect. The article is available here.
Jul 28 '07 #3

P: 58
Thank you for both of you!
I'll try Pbmods suggestion as it goes in line with my application structure(I do have a page3.php).
This freaking code has been killing me for 2 hours now.
If I set

[php]

if ($error) { // only this part works
..
}
elseif (!$error) { // this does not
..
}

[/php]

Reversing it,the other part that does not work,now it does.

[php]

if (!$error) { // this part now works
..
}
elseif ($error) { // na,not this time.
..
}
[/php]
Jul 28 '07 #4

pbmods
Expert 5K+
P: 5,821
Heya, Jankie.

Try this:

Expand|Select|Wrap|Line Numbers
  1. if(empty($error))
  2. {
  3.     .
  4.     .
  5.     .
  6. }
  7. else
  8. {
  9.     .
  10.     .
  11.     .
  12. }
  13.  
Note that there is no 'elseif' in this example; you should always have a 'default'.
Jul 28 '07 #5

P: 58
That didnt work either,but I found out it is not because of the code.
I found out that It is about how the $error variable is interpreted by the if/else statement.

So my code was meant to be :

[php]

if($error != '') {// if $error is Not empty(there's an error)
remain on same page.
}
[/php]

was interpreted as

[php]

if($error != '') {// if $error is Not displayed(and thus there's no error)
remain on same page.// thus stopping error-free input from moving to thanks.php
}
[/php]
Jul 28 '07 #6

P: 58
Thank you Volectricity for bringing the php_self vulnerability to my attention.
Just back from that article on your site(nice site by the way).

It's sad though that this beautiful feature can be maliciously manipulated.
I have php_self everywhere,even in my redirection code.check this out:


[php]
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'page.php';
header("Location: http://$host$uri/$extra");
exit;
}
[/php]
Can the php_self in the $uri be vulnerable as well ?
I'll check your article about redirection Pbmods kindly pointed out yesterday.
Jul 29 '07 #7

kovik
Expert 100+
P: 1,044
So my code was meant to be :

[php]

if($error != '') {// if $error is Not empty(there's an error)
remain on same page.
}
[/php]
[php]if(!empty($error))
{
// Do something
}[/php]
Jul 29 '07 #8

Post your reply

Sign in to post your reply or Sign up for a free account.